False positives "text/plain,.exe"
Tilman Schmidt
tschmidt at cardtech.de
Tue Apr 26 12:47:02 CEST 2016
On 26.04.2016 12:28, Olivier Nicole wrote:
> Tilman Schmidt <tschmidt at cardtech.de> writes:
>
>> On our mailserver, Amavis is quarantining a lot of mails claiming that
>> they contain a banned attachment of type "text/plain,.exe" even though,
>> when inspecting the quarantined mail, they turn out not to contain any
>> attachment at all, not even an image or signature, just "text/plain"
>> and possibly "text/html" within "multipart/alternative".
[...]
> That would request an example I think
No prob, this here comes straight from my quarantine folder. The
message itself came from the mailing list, so I consider it public.
I just deleted the (internal) recipient address. Hope it goes through
sufficiently unmangled:
--------8<--------8<--------8<--------8<--------8<--------8<--------
Return-Path: <python-list-bounces+CENSORED at python.org>
Delivered-To: banned-quarantine
X-Envelope-To: <CENSORED>
X-Envelope-To-Blocked: <CENSORED>
X-Quarantine-ID: <IQjFj0FHSow2>
X-Amavis-Alert: BANNED, message contains text/plain,.exe
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tag=-999 tag2=3.51 kill=10.31 tests=[]
autolearn=unavailable
Authentication-Results: mail.cardtech.de (amavisd-new);
dkim=pass (1024-bit key) header.d=python.org
Received: from mail.cardtech.de ([127.0.0.1])
by localhost (mail.cardtech.de [127.0.0.1]) (amavisd-new, port
10024)
with LMTP id IQjFj0FHSow2 for <rzoelcher at cardtech.de>;
Tue, 26 Apr 2016 10:33:20 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=python.org; s=200901;
t=1461659599; bh=FLS4ZcQOvYtjaedTcWLllSDAQg4hZKbrd+8t+nNgU5c=;
h=From:Subject:Date:References:To:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From;
b=ga6GeMSl+yFfZxNqtrWgsJngj5egRwzPIyBSsVUofrYpHN1H8FNd2KMhU6jqH3fAx
GAoQEv7Oz3vlA0SZxdztAWHKpxITWtAf8r9iOoSZF10qsGZFLeqxw9vzKjs7P3OSnp
PAt5PS2nOCeTaSLJfdiVmHqQOczMauwh09UVn5Ag=
Path:
uni-berlin.de!fu-berlin.de!news.swapon.de!eternal-september.org!feeder.eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail
From: Marko Rauhamaa <marko at pacujo.net>
Newsgroups: comp.lang.python
Subject: Re: def __init__(self):
Date: Tue, 26 Apr 2016 11:25:39 +0300
Organization: A noiseless patient Spider
Lines: 47
References: <34e51ef5-9679-40ec-bc8f-47981353e9d7 at googlegroups.com>
<571F1361.3010402 at digipen.edu> <85eg9sn7qo.fsf at benfinney.id.au>
<mailman.100.1461656092.32212.python-list at python.org>
Mime-Version: 1.0
Injection-Info: mx02.eternal-september.org;
posting-host="b7cb1518d23ec19d482dcc9c31d30fdd";
logging-data="1534"; mail-complaints-to="abuse at eternal-september.org";
posting-account="U2FsdGVkX1+kfQYunsbiY1FNyuLpe8Xv"
Cancel-Lock: sha1:8X8YsKlZngq/uWBwK9ngVvzkR8c=
sha1:oJHhJKD222m5MlqDi9kwFVitNLY=
Xref: uni-berlin.de comp.lang.python:758676
To: python-list at python.org
X-BeenThere: python-list at python.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: General discussion list for the Python programming language
<python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>,
<mailto:python-list-request at python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list at python.org>
List-Help: <mailto:python-list-request at python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>,
<mailto:python-list-request at python.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: python-list-bounces+rzoelcher=cardtech.de at python.org
Sender: "Python-list" <python-list-bounces+rzoelcher=cardtech.de at python.org>
QmVuIEZpbm5leSA8YmVuK3B5dGhvbkBiZW5maW5uZXkuaWQuYXU+OgoKPiBHYXJ5IEhlcnJvbiA8
Z2hlcnJvbkBkaWdpcGVuLmVkdT4gd3JpdGVzOgo+Cj4+ICAgIFRoZSBfX2luaXRfXyBtZXRob2Qg
aXMgdGhlIGNvbnN0cnVjdG9yIGZvciBpbnN0YW5jZXMgb2YgYSBjbGFzcy4KPj4gICAgSXQgaXMg
bm90IHJlcXVpcmVkLCBidXQgdGhlIHNpdHVhdGlvbnMgaW4gd2hpY2ggYSBjb25zdHJ1Y3RvciBp
cwo+PiAgICBub3QgbmVlZGVkIGFyZSBmZXcgYW5kIHVudXN1YWwuCj4KPiBUaGF0J3MgbmVlZGxl
c3NseSBjb25mdXNpbmc6IOKAmF9faW5pdF9f4oCZIGlzIG5vdCBhIGNvbnN0cnVjdG9yIGJlY2F1
c2UKPiBpdCBkb2VzIG5vdCBjb25zdHJ1Y3QgdGhlIGluc3RhbmNlLiBUaGUg4oCYX19uZXdfX+KA
mSBtZXRob2QgaXMgdGhlCj4gY29uc3RydWN0b3IgZm9yIGEgY2xhc3MgKGFuZCByZXR1cm5zIHRo
ZSBuZXcgaW5zdGFuY2UpLgoKSSBoYXZlIG5ldmVyIGV2ZXIgaGFkIGEgdGVtcHRhdGlvbiB0byBz
cGVjaWZ5IGEgX19uZXdfXyBtZXRob2QuIEkgY2FuJ3QKaW1hZ2luZSBhICpiZW5lZmljaWFsKiBj
YXNlIG9mIG92ZXJyaWRpbmcgaXQuCgo+IFRoZSDigJhfX2luaXRfX+KAmSBtZXRob2QgcmVxdWVz
dHMgdGhlIGFscmVhZHktY29uc3RydWN0ZWQgaW5zdGFuY2UgdG8KPiBpbml0aWFsaXNlIGl0c2Vs
ZiAoYW5kIHJldHVybnMgTm9uZSkuCgpJdCBpcyBhIHNlcmlvdXMgcHJhY3RpY2FsIHByb2JsZW0g
dGhhdCBhbiBvYmplY3QgY2FuJ3QgZ3VhcmFudGVlIHRoYXQKaXRzIF9faW5pdF9fIGhhcyBiZWVu
IGNhbGxlZC4KCkNoZWNrIG91dCBzb21lIG9mIHRoZSBzdGRsaWIgc291cmNlIGNvZGUgZm9yIGV4
YW1wbGU6Cgo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT0KY2xhc3MgVGhyZWFkUG9vbEV4ZWN1dG9yKF9iYXNlLkV4
ZWN1dG9yKToKICAgIGRlZiBfX2luaXRfXyhzZWxmLCBtYXhfd29ya2Vycyk6CiAgICAgICAgIiIi
SW5pdGlhbGl6ZXMgYSBuZXcgVGhyZWFkUG9vbEV4ZWN1dG9yIGluc3RhbmNlLgoKICAgICAgICBB
cmdzOgogICAgICAgICAgICBtYXhfd29ya2VyczogVGhlIG1heGltdW0gbnVtYmVyIG9mIHRocmVh
ZHMgdGhhdCBjYW4gYmUgdXNlZCB0bwogICAgICAgICAgICAgICAgZXhlY3V0ZSB0aGUgZ2l2ZW4g
Y2FsbHMuCiAgICAgICAgIiIiCiAgICAgICAgc2VsZi5fbWF4X3dvcmtlcnMgPSBtYXhfd29ya2Vy
cwogICAgICAgIHNlbGYuX3dvcmtfcXVldWUgPSBxdWV1ZS5RdWV1ZSgpCiAgICAgICAgc2VsZi5f
dGhyZWFkcyA9IHNldCgpCiAgICAgICAgc2VsZi5fc2h1dGRvd24gPSBGYWxzZQogICAgICAgIHNl
bGYuX3NodXRkb3duX2xvY2sgPSB0aHJlYWRpbmcuTG9jaygpCj09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQoKTm90
aWNlIGhvdyBfYmFzZS5FeGVjdXRvci5fX2luaXRfXyhzZWxmKSBkb2VzIG5vdCBnZXQgY2FsbGVk
LiBJdCBjYW4Kb25seSB3b3JrIGlmIF9iYXNlLkV4ZWN1dG9yIGRvZXMgbm90IHNwZWNpZnkgYW4g
X19pbml0X18uIFRoYXQncyBhbgphc3N1bXB0aW9uIHlvdSByZWFsbHkgY291bGRuJ3QgbWFrZSB3
aXRoIGEgY2xlYXIgY29uc2NpZW5jZSBldmVuIGlmIHlvdQp3ZXJlIHRoZSBhdXRob3IgYW5kIG1h
aW50YWluZXIgb2YgYm90aCBtb2R1bGVzCihjb25jdXJyZW50LmZ1dHVyZXMudGhyZWFkIGFuZCBj
b25jdXJyZW50LmZ1dHVyZXMuX2Jhc2UpLgoKCk1hcmtvCi0tIApodHRwczovL21haWwucHl0aG9u
Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3B5dGhvbi1saXN0Cg==
-------->8-------->8-------->8-------->8-------->8-------->8--------
aTdHvAaNnKcSe
Tilman
More information about the amavis-users
mailing list