amavisd-new banned files problem

Discussion in 'Installation/Configuration' started by davy, Dec 7, 2008.

  1. davy

    davy New Member

  2. falko

    falko Super Moderator ISPConfig Developer

    You can specify a quarantine directory in the amavisd configuration.
     
  3. davy

    davy New Member


    Below is my config File: 20-debian_defaults. It can ban 14 level of files(zip/rar) which consist of banned file format(such as EXE)

    # Quota limits to avoid bombs (like 42.zip)

    $MAXLEVELS = 14;
    $MAXFILES = 1500;
    $MIN_EXPANSION_QUOTA = 100*1024; # bytes
    $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes

    In CentOS, it can work.

    Thanks for your reply.

    Davy
     
  4. davy

    davy New Member

    Hi,

    Below message come from my CentOS mailserver which can block up 14 levels of EXE files.

    In Ubuntu 8.10 can not block in the same files. Do you know how to set amavis-new(config file)?

    Thanks

    Davy

    BANNED CONTENTS ALERT

    Our content checker found
    banned name: multipart/mixed | application/octet-stream,.rar,WinXP Key.rar
    | .txt,Windows XP PRO VLK§Ç¦C¸¹*קï.VBS

    in email presumably from you <[email protected]> to the following recipient:
    -> [email protected]
    Our internal reference code for your message is 13903-04/b8cdmyhpLwyb

    First upstream SMTP client IP address: [192.168.16.80]

    Return-Path: <[email protected]>
    From: <[email protected]>
    Message-ID: <000001c95a65$ae728fb0$0b57af10$@com>
    Subject: test RAR

    Delivery of the email was stopped!

    The message has been blocked because it contains a component (as a MIME part or nested within) with declared name or MIME type or contents type violating our access policy.

    To transfer contents that may be considered risky or unwanted by site policies, or simply too large for mailing, please consider publishing your content on the web, and only sending an URL of the document to the recipient.

    Depending on the recipient and sender site policies, with a little effort it might still be possible to send any contents (including
    viruses) using one of the following methods:

    - encrypted using pgp, gpg or other encryption methods;

    - wrapped in a password-protected or scrambled container or archive
    (e.g.: zip -e, arj -g, arc g, rar -p, or other methods)

    Note that if the contents is not intended to be secret, the encryption key or password may be included in the same message for recipient's convenience.

    We are sorry for inconvenience if the contents was not malicious.

    The purpose of these restrictions is to cut the most common propagation methods used by viruses and other malware. These often exploit automatic mechanisms and security holes in more popular mail readers (Microsoft mail readers and browsers are a common target). By requiring an explicit and decisive action from the recipient to decode mail, the danger of automatic malware propagation is largely reduced.
     
  5. falko

    falko Super Moderator ISPConfig Developer

    Did you compare your amavisd configuration with the one on your CentOS server?

    Any errors in your mail log?
     
  6. davy

    davy New Member

    I did compare to CentOS(amavis) config file which is almost same as Ubuntu(amavis)file(.20-debian_defaults)

    In CentOS maillog: Block spam------BANNED CONTENTS ====This one is OK.

    In Ubuntu mail.log: Pass Clean ====This one is NG

    Do you have any solution to block the RAR files(banned EXE)?

    Thanks for your reply

    Davy
     

Share This Page