Cannot ban lzh attachment
pali at cpan.org
pali at cpan.org
Tue Nov 30 14:20:31 CET 2021
On Tuesday 30 November 2021 14:35:11 Nikolaos Milas wrote:
> Hello,
>
> On CentOS 8 / amavis 2.12 we are receiving (a significant number of)
> incoming mail, each addressed to a large number of people in our org, each
> with two virus infected attachments: .lzh and .gz extension.
>
> I have configured:
>
> $banned_filename_re = new_RE(
>
> ### BLOCKED ANYWHERE
> qr'^\.(exe|lha|cab|dll|lzh)$',
> ...
>
> yet, we are still receiving such mail.
>
> ...
>
> My questions:
>
> 1. Since I have configured .lzh as "BLOCKED ANYWHERE", shouldn't such an
> email be banned, as it contains a file attachment with .lzh extension? Why
> the mail is not getting dropped?
Hello! IIRC pattern ^\. is used for specifying file(1) type and
pattern .\. for specifying filename extension. But I'm not sure.
Anyway if it is truth that ^\. does not specify file extension then it
would explain why qr'^\.(exe|lha|cab|dll|lzh)$' did not blocked files
with lzh extension. Could you try to change that pattern to following
one if it helps? qr'.\.(exe|lha|cab|dll|lzh)$'
> 2. Even if the mail (with the banned attachment) is not getting dropped (for
> some unknown reason), why amavis does not seem able to scan it ("Decoding...
> failed", see above).
>
> Any replies / suggestions please?
>
> I appreciate your help.
>
> Thanks in advance,
> Nick
>
>
More information about the amavis-users
mailing list