Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th December 2008, 14:19
davy davy is offline
Member
 
Join Date: Aug 2007
Posts: 43
Thanks: 4
Thanked 0 Times in 0 Posts
Default amavisd-new banned files problem

hi,

Does anyone know how to config amavisd-new banned zip files which consist of exe files?

I install base on following:
http://www.howtoforge.com/virtual-us...ail-ubuntu8.10

Thanks alot.

Davy
Reply With Quote
Sponsored Links
  #2  
Old 8th December 2008, 11:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,727 Times in 2,565 Posts
Default

You can specify a quarantine directory in the amavisd configuration.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 9th December 2008, 14:38
davy davy is offline
Member
 
Join Date: Aug 2007
Posts: 43
Thanks: 4
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
You can specify a quarantine directory in the amavisd configuration.

Below is my config File: 20-debian_defaults. It can ban 14 level of files(zip/rar) which consist of banned file format(such as EXE)

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes

In CentOS, it can work.

Thanks for your reply.

Davy
Reply With Quote
  #4  
Old 10th December 2008, 02:39
davy davy is offline
Member
 
Join Date: Aug 2007
Posts: 43
Thanks: 4
Thanked 0 Times in 0 Posts
Default

Hi,

Below message come from my CentOS mailserver which can block up 14 levels of EXE files.

In Ubuntu 8.10 can not block in the same files. Do you know how to set amavis-new(config file)?

Thanks

Davy

BANNED CONTENTS ALERT

Our content checker found
banned name: multipart/mixed | application/octet-stream,.rar,WinXP Key.rar
| .txt,Windows XP PRO VLK§Ç¦C¸¹*קï.VBS

in email presumably from you <abc@examples.com> to the following recipient:
-> ronald@examples.com
Our internal reference code for your message is 13903-04/b8cdmyhpLwyb

First upstream SMTP client IP address: [192.168.16.80]

Return-Path: <abc@examples.com>
From: <abc@examples.com>
Message-ID: <000001c95a65$ae728fb0$0b57af10$@com>
Subject: test RAR

Delivery of the email was stopped!

The message has been blocked because it contains a component (as a MIME part or nested within) with declared name or MIME type or contents type violating our access policy.

To transfer contents that may be considered risky or unwanted by site policies, or simply too large for mailing, please consider publishing your content on the web, and only sending an URL of the document to the recipient.

Depending on the recipient and sender site policies, with a little effort it might still be possible to send any contents (including
viruses) using one of the following methods:

- encrypted using pgp, gpg or other encryption methods;

- wrapped in a password-protected or scrambled container or archive
(e.g.: zip -e, arj -g, arc g, rar -p, or other methods)

Note that if the contents is not intended to be secret, the encryption key or password may be included in the same message for recipient's convenience.

We are sorry for inconvenience if the contents was not malicious.

The purpose of these restrictions is to cut the most common propagation methods used by viruses and other malware. These often exploit automatic mechanisms and security holes in more popular mail readers (Microsoft mail readers and browsers are a common target). By requiring an explicit and decisive action from the recipient to decode mail, the danger of automatic malware propagation is largely reduced.
Reply With Quote
  #5  
Old 10th December 2008, 14:00
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,727 Times in 2,565 Posts
Default

Did you compare your amavisd configuration with the one on your CentOS server?

Any errors in your mail log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 10th December 2008, 16:01
davy davy is offline
Member
 
Join Date: Aug 2007
Posts: 43
Thanks: 4
Thanked 0 Times in 0 Posts
 
Default

I did compare to CentOS(amavis) config file which is almost same as Ubuntu(amavis)file(.20-debian_defaults)

In CentOS maillog: Block spam------BANNED CONTENTS ====This one is OK.

In Ubuntu mail.log: Pass Clean ====This one is NG

Do you have any solution to block the RAR files(banned EXE)?

Thanks for your reply

Davy
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
web_user see's all the files on the server THE_AI Installation/Configuration 3 21st January 2008 18:40
Drupal and suPHP Problem dschmid HOWTO-Related Questions 17 9th December 2007 02:50
Requesting explanation of config files in /etc/apache2 (Debian Etch, Apache 2.2.3) rjamesd Server Operation 2 24th August 2007 13:16
Random "forbidden" error with websites kokez Installation/Configuration 33 24th July 2007 13:21
problem in cpan configuration reply me Urgent faiqmahmoodch Installation/Configuration 1 27th August 2006 16:58


All times are GMT +2. The time now is 21:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.