Exceptions to attachment type blocking?

Ralf Hildebrandt r at sys4.de
Mon Feb 4 16:39:35 CET 2019

We're blocking exe/executables:

$banned_filename_re = new_RE(
  qr'^\.(exe-ms|dll|javascript)$',         # banned file(1) types, rudimentary

Now recently some Microsoft (*.docx) documents turned up which are
being blocked due to "message contains .exe":

X-Amavis-Alert: BANNED, message contains .exe,.exe-ms,[trash]/0000.dat

Looking at the document and unzipping it I find a subdirectory
"[trash]", containing:

-rw-r--r-- 1 root root  140 Jan  1  1980 0000.dat
-rw-r--r-- 1 root root  331 Jan  1  1980 0001.dat
-rw-r--r-- 1 root root  269 Jan  1  1980 0002.dat
-rw-r--r-- 1 root root  335 Jan  1  1980 0003.dat

0000.dat: DOS executable (block device driver)
0001.dat: DOS executable (block device driver)
0002.dat: DOS executable (block device driver)
0003.dat: DOS executable (block device driver)

So I'm either looking for a way of emptying the "[trash]" resource (or
whatever it's called) OR to make execptions for that particular path
within a ZIP archive in amavisd-new.

[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

More information about the amavis-users mailing list