Hello and good morning Gary,

Today (on 18.09.2005 - 03:02)
   you wrote:

> Which banned lookup table are you using?:

> # use old or new style of banned lookup table; not both to avoid confusion
> #
> # @banned_filename_maps = ();   # to disable old-style
>   $banned_namepath_re = undef;  # to disable new-style

> Whichever one it is, show the contents of the table in your reply,
> not as an attachment.


Here is the part


@viruses_that_fake_sender_maps = (new_RE(
  [qr'\bEICAR\b'i => 0],            # av test pattern name
  [qr'^(WM97|OF97|Joke\.)'i => 0],  # adjust names to match your AV scanner
  [qr/^/ => 1],  # true for everything else
));

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));

# new-style of banned lookup table
$banned_namepath_re = new_RE(

  # block these MIME types
  qr'(?#NO X-MSDOWNLOAD)   ^(.*\t)? M=application/x-msdownload   (\t.*)? $'xmi,
  qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,
  qr'(?#NO HTA)            ^(.*\t)? M=application/hta            (\t.*)? $'xmi,

# # block rfc2046 MIME types
 qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial       (\t.*)? $'xmi,
 qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,

# # within traditional Unix compressions allow any name and type
 [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2)     (\t.*)? $'xmi => 0 ],  # allow

# within traditional Unix archives allow any name and type
 [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ],  # allow

# block certain double extensions in filenames
 qr'(?# BLOCK DOUBLE-EXTENSIONS )
  ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
    (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,

# # block Class ID (CLSID) extensions in filenames
 qr'(?# BLOCK CLSID-EXTENSIONS )
 ^ (.*\t)? N= [^\t\n]* \{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}? [^\t\n]* (\t.*)? $'xmi,

# # banned declared names with three or more consecutive spaces
 qr'(?# BLOCK NAMES WITH SPACES )
 ^ (.*\t)? N= [^\t\n]*  [ ]{3,} 'xmi,

# # within PC archives allow any types or names at any depth
 [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj) (\t.*)? $'xmi => 0 ],  # ok

# # within certain archives allow leaf members at any depth if crypted
 [ qr'(?# ALLOW ENCRYPTED )
 ^ (.*\t)? T=(zip|rar) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

# # block if any component can not be decoded (is encrypted or bad archive)
 qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,

  # banned filename extensions (in declared names) anywhere - basic
  qr'(?# BLOCK COMMON NAME EXENSIONS )
  ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,

# # banned filename extensions (in declared names) anywhere - long
 qr'(?# BLOCK MORE NAME EXTENSIONS )
 ^ (.*\t)? N= [^\t\n]* \. (
    ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
    inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
    ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
    wmf|wsc|wsf|wsh) (\t.*)? $'xmi,

# # banned filename extensions anywhere - WinZip vulnerability (pre-V9)
 qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS )
 ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,
 [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )
 ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi
    => 'DISCARD' ],

 qr'(?# BLOCK Microsoft EXECUTABLES )
 ^ (.*\t)? T=exe-ms (\t.*)? $'xm,              # banned file(1) type
);


-- 
Kind regards,
 Jim Knuth
 [EMAIL PROTECTED]
 ICQ #277289867
 PGP: 54C9 1A46 D3B2 95B6 454D 74FA AC73 773E 1F78 066F
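
To check how the order of entries in a table like the one posted above decides the verdict, a few of its rules can be run against sample name paths. This is an added example, not part of the original mail and not amavisd-new code. It assumes the first matching entry decides and that a name path has one line per nesting level with tab-separated P=, L=, M=, T=, N= fields; the sample paths and the `verdict` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Subset of the posted rules, kept in the posted order. A bare pattern in
# the original table bans (written as "=> 1" here); "=> 0" is an allow.
my @rules = (
  [ qr'(?# BLOCK DOUBLE-EXTENSIONS )
     ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
       (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi => 1 ],
  [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj) (\t.*)? $'xmi => 0 ],
  [ qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi => 1 ],
  [ qr'(?# BLOCK COMMON NAME EXENSIONS )
     ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi => 1 ],
);

# Assumed semantics: walk the table top to bottom, first match wins.
sub verdict {
  my ($path) = @_;
  for my $r (@rules) {
    my ($re, $ban) = @$r;
    next unless $path =~ $re;
    # Pull the (?# ... ) label out of the stringified pattern for reporting.
    my ($label) = "$re" =~ /\(\?#\s*([^)]*?)\s*\)/;
    return ($ban ? 'BANNED' : 'allowed') . " by $label";
  }
  return 'allowed (no rule matched)';
}

# Constructed name paths: root part first, leaf part last.
my $top = "P=p003\tL=1\tM=multipart/mixed\n";
my $zip = "P=p002\tL=1/2\tM=application/zip\tT=zip\tN=files.zip\n";
my @samples = (
  [ 'bare setup.exe' =>
      $top . "P=p002\tL=1/2\tM=application/octet-stream\tT=exe-ms\tN=setup.exe" ],
  [ 'setup.exe in zip' =>
      $top . $zip . "P=p004\tL=1/2/1\tT=exe-ms\tN=setup.exe" ],
  [ 'invoice.pdf.exe in zip' =>
      $top . $zip . "P=p004\tL=1/2/1\tT=exe-ms\tN=invoice.pdf.exe" ],
);

printf "%-24s %s\n", $_->[0], verdict($_->[1]) for @samples;
```

Because rule-7 sits above the plain extension rules, only entries placed before it (here the double-extension rule) still apply to members of a zip; moving an entry above or below rule-7 changes which attachments it covers.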