Cannot ban lzh attachment

Nikolaos Milas nmilas at noa.gr
Fri Dec 3 13:05:26 CET 2021


On 1/12/2021 12:46 μ.μ., Bastian Blank wrote:

> Here you are blocking literal ".lzh", not something ending with .lzh.
> This means Amavis will block the type LZH, not a filename.

Thank you Bastian. That helped me clear things out, as well as Pali's 
suggestion to use qr'.\.(exe|lha|cab|dll|lzh)$'

In the amavisd.conf file I also had:

   qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
          inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|
          msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd|
          wmf|wsc|wsf|wsh)$'ix,             # banned extensions - long
   qr'.\.(asd|asf|asx|url|vcs|wmd|wmz)$'i, # consider also

so I added:

   qr'.\.(bin|iso|img|gz|lzh)$'i,

and that worked!

Interestingly, would you know what "x" signifies at the end of:

    ...wmf|wsc|wsf|wsh)$'ix,

...? What does x mean?

>
>> Nov 30 09:24:07 mailgw1 amavis[679693]: (679693-19) p005 1/3 Content-Type:
>> application/x-rar, base64, size: 279014, SHA1 digest:
>> 33ef47204c4cfbcd959b410db9d1de3da815c86f, name: proforma Τιμολόγιο Αρ. M
>> 67EE0077.
>> lzh
> But Amavis reports a rar file.  So you want ".rar".

In any case, we dropped the mail based on the extensions of the attached 
files as I explained above.

However, we might not want to drop RAR file type, but allow the scanner 
to scan its contents:

    @decoders = (
    ...
       ['rar',  \&do_unrar, ['unrar', 'rar'] ],

Yet, it seems that unrar is not available on the box:

# which unrar
/usr/bin/which: no unrar in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)

I couldn't find unrar in the installed repos.

Would you have any suggestions to resolve this?

Thanks a lot,
Nick
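
Added example, not part of the original message and not Amavis code: a stand-alone Perl script that runs the extension rule quoted above, with and without the `x` modifier, next to a rule anchored on the literal ".lzh". The anchored rule, the labels and the sample strings are constructed for illustration; it assumes, as the replies in this thread indicate, that type names are written with a leading dot (".rar", ".lzh").

```perl
#!/usr/bin/perl
# Added illustration (not from amavisd.conf or the Amavis source).
use strict;
use warnings;

# Each rule is [label, compiled regex].
my @rules = (
    # Constructed rule anchored at both ends: matches only the exact
    # string ".lzh", i.e. a type name, never "name.lzh".
    [ 'literal',  qr'^\.lzh$' ],

    # Rule from the thread: any character, a dot, a listed extension, end.
    [ 'ext',      qr'.\.(bin|iso|img|gz|lzh)$'i ],

    # Same rule wrapped over two lines WITH /x: the line break and the
    # indentation inside the pattern are ignored.
    [ 'ext+x',    qr'.\.(bin|iso|img|
                         gz|lzh)$'ix ],

    # Wrapped WITHOUT /x: the newline and spaces become part of the "gz"
    # alternative, so plain "gz" silently stops matching.
    [ 'ext-no-x', qr'.\.(bin|iso|img|
                         gz|lzh)$'i ],
);

# Constructed samples: two type-style names and four file names.
my @samples = ('.lzh', '.rar', 'invoice.lzh', 'INVOICE.LZH',
               'backup.gz', 'report.pdf');

# Return 1 if the string matches the rule, else 0.
sub rule_matches {
    my ($re, $string) = @_;
    return $string =~ $re ? 1 : 0;
}

# Print one row per sample and one column per rule.
printf '%-13s', 'sample';
printf ' %-9s', $_->[0] for @rules;
print "\n";
for my $s (@samples) {
    printf '%-13s', $s;
    printf ' %-9s', (rule_matches($_->[1], $s) ? 'BAN' : '-') for @rules;
    print "\n";
}
```

In the output, ".lzh" is matched only by the anchored rule and "invoice.lzh" only by the extension rules, while "backup.gz" is missed by the wrapped rule that lacks `x`.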



