XZ and banned filename
aBod
abod at list.ru
Sat Aug 7 15:58:18 CEST 2021
Hello Amavis-users,
Amavis does not ban a message if you receive an XZ-compressed file that has a forbidden "banned file name" inside it (for example notepad.exe.xz).
From mail.log:
Checking for banned types and filenames
lookup: (scalar) matches, result="DEFAULT"
lookup [banned_filename], 1 matches for "email at domain.tld", results: "(constant:DEFAULT)"=>"DEFAULT"
collect banned table[0]: email at domain.tld, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x55af0385a4b0)
starting banned checks - traversing message structure tree
check_for_banned (p003,p001) multipart/mixed | text/plain,.asc
doing banned check for email at domain.tld on multipart/mixed | text/plain,.asc
lookup_re(["multipart/mixed","text/plain",".asc"]), no matches
lookup [check_bann:email at domain.tld] => undef, ["multipart/mixed","text/plain",".asc"] does not match
lookup [banned_namepath_re] => undef, "P=p003\tL=1\tM=multipart/mixed\nP=p001\tL=1/1\tM=text/plain\tT=asc" does not match
p.path email at domain.tld: "P=p003,L=1,M=multipart/mixed | P=p001,L=1/1,M=text/plain,T=asc"
check_for_banned (p003,p002) multipart/mixed | application/octet-stream,.dat,notepad.exe.xz
doing banned check for email at domain.tld on multipart/mixed | application/octet-stream,.dat,notepad.exe.xz
lookup_re(["multipart/mixed","application/octet-stream",".dat","notepad.exe.xz"]), no matches
lookup [check_bann:email at domain.tld] => undef, ["multipart/mixed","application/octet-stream",".dat","notepad.exe.xz"] does not match
lookup [banned_namepath_re] => undef, "P=p003\tL=1\tM=multipart/mixed\nP=p002\tL=1/2\tM=application/octet-stream\tT=dat\tN=notepad.exe.xz" does not match
p.path email at domain.tld: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/octet-stream,T=dat,N=notepad.exe.xz"
banned check: any=0, all=N (1)
So I decided on this:
unshift(@decoders, ['dat', \&do_uncompress,
['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ] );
Is there another way?
P.S.
os-release ="Debian GNU/Linux 10 (buster)"
amavisd-new/stable,now 1:2.11.0-6.1 all [installed]
Interface between MTA and virus scanner/content filters
--
Best regards,
aBod mailto:abod at list.ru
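
The gap in the log above (the name rule sees only "notepad.exe.xz", and the part is typed ".dat", so nothing inside is inspected) can be reproduced outside Amavis. The following is an added example, not part of the original post and not Amavis code: a standalone Python check that recognises XZ by its magic bytes instead of the declared type, decompresses with a size cap, and re-applies the name and type rules to the inner content. The regex, the function name and the sample data are assumptions constructed for illustration.

```python
import lzma
import re

XZ_MAGIC = b"\xfd7zXZ\x00"   # 6-byte XZ stream header magic
MZ_MAGIC = b"MZ"             # DOS/PE executable header
MAX_OUT = 1 << 20            # cap on decompressed bytes, bounds resource use

# Assumed name rule in the style of a banned-extension regex (not the poster's config).
BANNED_NAME_RE = re.compile(r".\.(exe|vbs|pif|scr|cpl)$", re.I)


def check_attachment(name, data):
    """Return the list of reasons to ban this attachment (empty list = pass)."""
    reasons = []
    if BANNED_NAME_RE.search(name):
        reasons.append(f"name:{name}")
    if data.startswith(XZ_MAGIC):
        # Content-based detection: ignore the declared MIME type and extension.
        dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
        try:
            inner = dec.decompress(data, max_length=MAX_OUT)
        except lzma.LZMAError:
            return reasons + ["xz:undecodable"]
        if not dec.eof:
            # Truncated stream, or output larger than the cap.
            return reasons + ["xz:incomplete-or-too-large"]
        # XZ stores no member name, so derive one by stripping the suffix.
        inner_name = re.sub(r"\.xz$", "", name, flags=re.I)
        if inner_name != name and BANNED_NAME_RE.search(inner_name):
            reasons.append(f"inner-name:{inner_name}")
        if inner.startswith(MZ_MAGIC):
            reasons.append("inner-type:exe")
    return reasons


# Constructed sample: a fake "executable" (MZ header plus padding), XZ-compressed.
SAMPLE = lzma.compress(b"MZ" + b"\x00" * 64)

if __name__ == "__main__":
    print(check_attachment("notepad.exe.xz", SAMPLE))  # caught after unpacking
    print(check_attachment("report.dat", SAMPLE))      # renamed, still caught by type
    print(check_attachment("notes.txt", b"hello"))     # passes
```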