How to reproduce "BANNED" status mail?
Patrick Ben Koetter
p at sys4.de
Thu Jun 29 12:35:41 CEST 2017
* Hiroyuki Sato <hiroysato at gmail.com>:
> Hello, members.
>
> I would like to confirm Amavisd "BANNED" behavior.
> (I'm investigating why this configuration removes mail contents which
> are judged "BANNED" status.)
> But I can't reproduce that status with my sample
> file (Eicar-Test-Signature). It reports "INFECTED" status.

amavis tests for viruses before it tests for banned files. If it detects a
virus it will not test for any other content class, e.g. banned, anymore.
That's why your EICAR test pattern triggers INFECTED and not BANNED in the
log.

Send yourself a file with a different suffix (filename) or MIME type *and*
don't forget to specify the --attach-filename if you use swaks, or filename
rules in @banned_rules will fail:

$ swaks -f sender@source.test -t recipient@destination.test -s 127.0.0.1 \
    --attach-type 'application/octet-stream' --attach-filename 'test.exe' \
    --attach - --suppress-data </tmp/test.exe

p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
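
The point about --attach-filename, as an added example that is not part of the original post: it builds the same kind of test mail with Python's standard email library instead of swaks and shows what name a filename rule has to work with when the filename is set and when it is omitted. The helper names, subject line and payload are constructed for illustration, and the code only inspects the message as sent; it does not reproduce amavis's own decoding.

```python
import smtplib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless payload: plain text without the EICAR string, so the
# virus check has nothing to flag and the banned check gets its turn.
PAYLOAD = b"harmless test payload, not an executable\n"


def build_test_mail(sender, recipient, filename=None):
    """Return a mail with one application/octet-stream attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "banned-file rule test"
    msg.set_content("Test mail for banned-file rules.")
    # With filename=None the part carries a MIME type but no name at all,
    # which is the case the reply warns about.
    msg.add_attachment(PAYLOAD, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


def attachment_names(raw):
    """Parse the wire format and list (MIME type, filename) per attachment."""
    parsed = message_from_bytes(raw, policy=policy.default)
    return [(part.get_content_type(), part.get_filename())
            for part in parsed.iter_attachments()]


def send(msg, host="127.0.0.1", port=25):
    """Submit the test mail to the local MTA that feeds the content filter."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    for name in ("test.exe", None):
        mail = build_test_mail("sender@source.test",
                               "recipient@destination.test", name)
        # Inspect before sending: a None filename means a name-based rule
        # has nothing to match against.
        print(name, "->", attachment_names(mail.as_bytes()))
```

Call send(mail) for the variant you want to test, then check the amavis log for the resulting content class.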