Extension file block does not work right - E2GUARDIAN v4.1

[Bruno Guimarães]

Hello,

I do not know why, the content of the site containing:
http://d107aafi6v8j3q.cloudfront.net/zzz.com
It is recognized as text/plain and is not blocked even with .COM extension block.
Log on squid = TCP_MISS/200 1487 GET http://d107aafi6v8j3q.cloudfront.net/zzz.com - HIER_DIRECT/52.85.167.237 text/plain
And if you have extensions blocking, for example .EXE and try to access: http://d107aafi6v8j3q.cloudfront.net/exhjhjhjhjhjhjhjhjhj.exe
E2guardian blocks the site, but does it add to the end of the URL"?a=a.htm" (http://d107aafi6v8j3q.cloudfront.net/exhjhjhjhjhjhjhjhjhj.exe?a=a.htm)
You can download the file...

In the e2guardian log nothing appears on the access to this URL.
But in the squid log, it displays: TCP_MEM_HIT/200 19154 GET http://d107aafi6v8j3q.cloudfront.net/exhjhjhjhjhjhjhjhjhj.exe? - HIER_NONE/- application/octet-stream
Can anyone help?


/etc/e2guardian/lists/bannedextensionlist
#Banned extension list

# File extensions with executable code

# The following file extensions can contain executable code.
# This means they can potentially carry a virus to infect your computer.

.ade  # Microsoft Access project extension
.adp  # Microsoft Access project
.asx  # Windows Media Audio / Video
.bas  # Microsoft Visual Basic class module
.bat  # Batch file
.cab  # Windows setup file
.chm  # Compiled HTML Help file
.cmd  # Microsoft Windows NT Command script
.com  # Microsoft MS-DOS program
.cpl  # Control Panel extension
.crt  # Security certificate
.dll  # Windows system file
.exe  # Program


/etc/e2guardian/e2guardianf1.conf
# Filetype filtering
#
# Allow bannedregexpurllist with grey list mode
# bannedregexpheaderlist and bannedregexpurllist
#
# bannedregexwithblanketblock = off
#
# Blanket download blocking
# If enabled, all files will be blocked, unless they match the
# exceptionextensionlist or exceptionmimetypelist.
# These lists do not override virus scanning.
# Exception lists defined above override all types of filtering, including
# the blanket download block.
# Defaults to disabled.
# (on | off)
#
blockdownloads = off
exceptionextensionlist = '/etc/e2guardian/lists/exceptionextensionlist'
exceptionmimetypelist = '/etc/e2guardian/lists/exceptionmimetypelistcat'


# squid3 -v
Squid Cache: Version 3.4.8
 linux
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info= linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security

# e2guardian -v
e2guardian 4.1.0

Built with:  '--prefix=/usr' '--enable-clamd=yes' '--with-proxyuser=e2guardian' '--with-proxygroup=e2guardian' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' '--enable-trickledm=yes' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--enable-pcre=yes' '--enable-sslmitm=yes'

# cat /etc/issue
Debian GNU/Linux 8 \n \l

# uname -a
Linux hostname 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux