BANNED, message contains text/plain,.exe issue.


Watthanachai Kekhua
Mar 9, 2015, 12:22:11 AM

Dear Amavis-users,

Today we found a strange situation with incoming email after enabling blocking of ".exe" inside zip files in amavisd.conf, with the configuration below.

### amavisd.conf for BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
qr'^\.(exe|exe-ms|dll)$',                   # banned file(1) types, rudimentary

Now we always find banned email among the incoming email sent from the Lotus Notes MTA.
The sender tries to send an attached ".xls" file, or a normal email with plain text, and after that our amavisd detects both emails as "BANNED".

# maillog message shows
BANNED, message contains text/plain,.exe
(554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)

# Detailed application information
FreeBSD 9 amd64
Postfix + amavisd-new-2.8.0_2

Have you ever found this kind of issue, and how did you solve it?

Please do not hesitate to contact us if you have any questions.
Best Regards.
################################
#  Watthanachai KEKHUA (Golf)
#  Operation And Maintenance Department (OAM)
#  Tel: 02-2367227 Ext. 1624
#  NTT Communications (Thailand) Co., Ltd.
#################################

DISCLAIMER:
This email is for the use of the intended recipient(s) only.
If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission.
We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message.
We cannot accept liability for any loss or damage caused by software viruses.
The information contained in this communication may be confidential and may be subject to the attorney-client privilege.
If you are the intended recipient and you do not wish to receive similar electronic messages from us in future then please respond to the sender to this effect.

Olivier Nicole
Mar 9, 2015, 1:11:43 AM
Hi Golf,

> Today we found some strange situation for incoming email when enabled blocking ".exe" in zip file extension on amavisd.conf as below configuration.
>
> ### amavisd.conf for BLOCKED ANYWHERE
> # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
> qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary
>
> Now , We always found banned email from incoming email send from Lotus note MTA .
> And Sender address try to send attach file ".xls" and normal email with plain text after that our amavisd detect both email as "BANNED" type.

I don't understand what you mean.

Since you have banned .exe, all messages from Lotus Notes are banned, even
when they have no .exe in them?

In FreeBSD, Amavis usually puts the banned email in the /var/virusmail/banned
directory. You could have a close look at the messages and confirm whether
they are good or not.

If you *need* to discuss in Thai, maybe I can help.

Best regards,

Olivier


Watthanachai Kekhua
Mar 9, 2015, 1:49:15 AM
To Mr. Olivier,

Thank you for your comment.

> Since you have banned .exe all message from Lotus note are banned, even when they have no .exe in it?
=> Yes, correct. Amavisd detects some email from Lotus Notes as "BANNED" even though that email does not have ".exe" inside.

For us this issue looks like a false positive, because we only found it after enabling blocking of ".exe" and "exe-ms" with this configuration:
### amavisd.conf for BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary

> In FreeBSD, Amavis usually put the banned email in /var/virusmail/banned directory. You could have a close look at the messages and confirm if they are good or not.
=> I've checked this email content before, and we found it is a good email and does not have an .exe attachment inside.

So do you have any recommendation to solve this kind of issue?

Please do not hesitate to contact us if you have any questions.
Best Regards.
################################
#  Watthanachai KEKHUA (Golf)
################################


Olivier Nicole
Mar 9, 2015, 2:44:43 AM
Golf,

> Since you have banned .exe all message from Lotus note are banned, even when they have no .exe in it?
> => Yes , correct . Amavisd detect some email from Lotus note as "BANNED" even that email not have ".exe" inside.
>
> For this issue it look like false positive for us , due to after enabled block ".exe" , "exe-ms" this configuration we just found this issue happened.
> ### amavisd.conf for BLOCKED ANYWHERE
> # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
> qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary
>
> In FreeBSD, Amavis usually put the banned email in /var/virusmail/banned directory. You could have a close look at the messages and confirm if they are good or not.
> => I've checked this email content before and we found it 's good email and not have .exe attach file inside.
>
> So have you any recommendation to solved this kind of issue ?

You need to look at the full variable $banned_filename_re; it has more
than qr'^\.(exe-ms|dll)$', and goes on for several lines, ending with a
single line containing );

You also need to look at one good message in /var/virusmail/banned and
see what is the exact contents, why it is banned (example:
X-Amavis-Alert: BANNED, message contains .exe,.exe-ms,PO.exe), etc.

Maybe Lotus Notes includes a signature that is banned?

Best regards,

Olivier

Watthanachai Kekhua
Mar 11, 2015, 3:34:43 AM
To Mr. Olivier,
CC: Amavisd users

After we considered and checked deeply, we found this error is related to the configuration below in "amavisd.conf":
### amavisd.conf for BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary

Before enabling this configuration, this issue did not happen.
Once we enabled this configuration to block exe inside .zip files, this kind of issue began to happen.

We also tested the following:
1. Email with normal plain text => still blocked with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)
2. Email with an image file => still blocked with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)
3. Email with a pdf file => still blocked with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)

# In all 3 cases the maillog message shows
BANNED, message contains text/plain,.exe
(554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)

Has anyone ever found this kind of issue when enabling " qr'^\.(exe|exe-ms|dll)$', "?
And how can this kind of issue be fixed?


Best Regards.
Watthanachai KEKHUA (Golf)

Olivier Nicole
Mar 11, 2015, 4:40:08 AM
Dear Golf,

Watthanachai Kekhua <wattha...@ntt.co.th> writes:

> To Mr.Olivier,
> CC: Amavisd users
>
> After we have considered and deep checked and then we found this error related with this configure below "amavisd.conf" ,
> ### amavisd.conf for BLOCKED ANYWHERE
> # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
> qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary

Usually it is not only qr'^\.(exe|exe-ms|dll)$', but many lines,
like in my configuration:

$banned_filename_re = new_RE(

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2
[ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives

qr'.\.(pif|scr)$'i, # banned extensions - rudimentary
# qr'^\.zip$', # block zip type

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives

qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,

# qr'^message/partial$'i, # rfc2046 MIME type
# qr'^message/external-body$'i, # rfc2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type
# qr'^\.wmf$', # Windows Metafile file(1) type

# block certain double extensions in filenames
qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
# wmf|wsc|wsf|wsh)$'ix, # banned ext - long
# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename
# qr'^\.ani$', # banned animated cursor file(1) type

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
);

So you must check every line, not just one line.

> Due to before enable this configuration , This issue not happened before.
> Once enable this configure to block exe in .zip file , this kind of issue begin to happened.
>
> And we also test with below
> 1. Email with normal plain text => still block with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)
> 2. Email with image file => still block with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)
> 3. Email with pdf file => still block with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)
>
> #All 3 cases maillog message show
> BANNED, message contains text/plain,.exe
> (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe)
>
> Have anyone ever found this kind of issue when enabled " qr'^\.(exe|exe-ms|dll)$', " ?
> And how to fix this kind of issue ?

You must look at the messages in /var/virusmail/banned and make sure
that Lotus Notes is not adding something to the message. Even if you send
a plain text message, Lotus Notes may be doing something to it; the only
way to know is to check the message in /var/virusmail/banned.

Watthanachai Kekhua
Mar 16, 2015, 3:06:57 AM
To Olivier,

After we disabled this configuration that checks .exe and .exe-ms, and tested with an email that includes banned content,
that email passed normally and was never blocked as banned.
### amavisd.conf for BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
#qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary

So we are sure this kind of blocking is related to this configuration line:
qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary

I also tried to find this kind of problem on the amavis forum.
They talked about file(1), but my file version is already 5.14.

So is there any recommendation to fix this, or any hints on this issue?

Please do not hesitate to contact us if you have any questions.
Best Regards.
Watthanachai KEKHUA (Golf)

Olivier Nicole
Mar 16, 2015, 4:09:36 AM
Hi Golf,

> After we try to disable this configure to check .exe , .exe-ms , and test with email that include ban content email
> then that email could pass normally and never block ban .
> ### amavisd.conf for BLOCKED ANYWHERE
> # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
> #qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary

I would try disabling each term of the pattern one after the other; try:

qr'^\.(exe-ms|dll)$',
qr'^\.(exe|dll)$',
qr'^\.(exe|exe-ms)$',

one after the other and see which one triggers the ban and which does not.

I still strongly suspect Lotus Notes of adding some stupid signature with
some banned attachment in it, but this you can only see in the mail in
/var/virusmail/banned.

Best regards,

Olivier
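To make Olivier's two points concrete (the whole $banned_filename_re list is evaluated in order, and disabling one alternative at a time isolates the one that matches), here is an added Python model of that evaluation. It is not amavis code: it approximates amavis's matching semantics as described in its comments, the rules are the ones quoted in this thread, and both sample inputs are constructed.

```python
import re

# Model (not amavis code) of how amavis applies $banned_filename_re: each MIME
# part carries attribute strings (MIME type, file(1) short type such as ".exe",
# declared name, and the same for enclosing archives); rules are tried in order
# against all of them, the first match decides, and "[ qr'..' => 0 ]" allows.

# Rules copied from the configs quoted in the thread; (?i) stands in for qr''i.
POSTER_RULES = [
    (r"^\.(exe|exe-ms|dll)$", True),            # poster's BLOCKED ANYWHERE rule
    (r"^\.(rpm|cpio|tar)$", False),             # allow anything in Unix archives
    (r"(?i)^application/x-msdownload$", True),  # banned MIME type
    (r"(?i).\.(exe|vbs|pif|scr|cpl)$", True),   # banned declared-name extension
]
# Olivier's version differs only in the first rule: no bare "exe" alternative.
OLIVIER_RULES = [(r"^\.(exe-ms|dll)$", True)] + POSTER_RULES[1:]

def check_part(attrs, rules):
    """Return ('banned'|'allowed'|'pass', pattern that decided or None)."""
    for pattern, bans in rules:
        rx = re.compile(pattern)
        if any(rx.search(a) for a in attrs):
            return ("banned" if bans else "allowed"), pattern
    return "pass", None

def attrs_from_log(line):
    """Pull the comma-separated attribute list out of an amavis BANNED line."""
    m = re.search(r"BANNED(?:, message contains|:) ([^\s)]+)", line)
    return m.group(1).split(",") if m else []

def culprit_alternatives(attrs, alternation="exe|exe-ms|dll"):
    """Olivier's bisection, automated: drop each alternative in turn and report
    the ones whose removal stops the part from being banned."""
    alts = alternation.split("|")
    culprits = []
    for alt in alts:
        reduced = "|".join(a for a in alts if a != alt)
        if check_part(attrs, [(rf"^\.({reduced})$", True)])[0] != "banned":
            culprits.append(alt)
    return culprits

if __name__ == "__main__":
    # Constructed input: the maillog line quoted in the thread.
    attrs = attrs_from_log("BANNED, message contains text/plain,.exe")
    print(attrs, check_part(attrs, POSTER_RULES), culprit_alternatives(attrs))
    # Constructed input: an .exe inside a tar; enclosing archive's attrs first.
    inner = [".tar", "application/octet-stream", ".exe", "tool.exe"]
    print(check_part(inner, POSTER_RULES), check_part(inner, OLIVIER_RULES))
```

The second sample shows why the poster's rule sits in the "BLOCKED ANYWHERE" section: with the bare "exe" alternative listed before the archive exemption, a part classified as .exe is banned even inside a tar, whereas Olivier's list lets the exemption decide.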

Guido Kuehler
Apr 13, 2015, 1:40:10 PM
We receive email messages (Austrian.com boarding pass) with an attached
*.pkpass file and Content-Type: application/vnd.apple.pkpass.

Amavis blocks all these messages with the banned info (.dat,signature).

How can we allow these specific emails and attachments?

Best Regards!
Guido
