Michael wrote:
>> > Have you configured ClamAV to detect it?
>> >
>> > set DetectBrokenExecutables in your clamd.conf
>>
>> Cool! Didn't check my clamd.conf, I'll try this one,
>> much better than an own policy bank!
>> Thank you!
> Bad news! I've changed my clamd.conf to clean broken
> files AND used the policy bank further .. and now, both
> doesn't catch those mails. The forwarding from postfix
> to the new bank works, but neither it drops the mail cause
> of the zip attachment, nor it gets quarantined cause of
> the bad header:
> $interface_policy{'10028'} = 'BADHEADERNDR';
> $policy_bank{'BADHEADERNDR'} = {
> final_bad_header_destiny => D_BOUNCE,
> banned_filename_maps => [
> new_RE(
> qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll|zip|rar)$'i,
> qr'^\.(exe-ms)$',
> ),
> ],
> };
> Log:
> (07749-08) ESMTP::10028 /var/amavis/amavis-20051215T062557-07749: <> ->
> <[EMAIL PROTECTED]> Received: SIZE=54993 from mail.host.com ([127.0.0.1]) by
> localhost (mail.host.com [127.0.0.1]) (amavisd-new, port 10028) with ESMTP
> id 07749-08 for <[EMAIL PROTECTED]>; Thu, 15 Dec 2005 06:28:05 +0100 (CET)
> (07749-08) Checking: iQVAWWgJrHRP BADHEADERNDR <> -> <[EMAIL PROTECTED]>
> (07749-08) WARN: MIME::Parser error: part did not end with expected boundary
> (07749-08) p005 1 Content-Type: multipart/report
> (07749-08) p001 1/1 Content-Type: text/plain, size: 1615 B, name:
> (07749-08) p002 1/2 Content-Type: message/delivery-status, size: 2029 B,
> name:
> (07749-08) p006 1/3 Content-Type: message/rfc822
> (07749-08) p007 1/3/1 Content-Type: multipart/mixed
> (07749-08) p003 1/3/1/1 Content-Type: text/plain, size: 111 B, name:
> (07749-08) p004 1/3/1/2 Content-Type: application/octet-stream, size: 35910
> B, name: reg_pass-data.zip
> (07749-08) BAD HEADER from <>: MIME error: error: part did not end with
> expected boundary
> (07749-08) SPAM-TAG, <> -> <[EMAIL PROTECTED]>, No, score=3.9 tagged_above=2.5
> required=5.5 tests=[BAYES_80=3.9]
> (07749-08) FWD via SMTP: <> -> <[EMAIL PROTECTED]>, 250 2.6.0 Ok, id=07749-08,
> from MTA([127.0.0.1]:10025): 250 Ok: queued as 7576D421EFE
> (07749-08) Passed, <> -> <[EMAIL PROTECTED]>, quarantine iQVAWWgJrHRP,
> Message-ID:
> <XXXID>, Hits: 3.9
> (07749-08) TIMING [total 1255 ms] - SMTP EHLO: 3 (0%)0, SMTP pre-MAIL: 0
> (0%)0, SMTP pre-DATA-flush: 2 (0%)0, SMTP DATA: 40
> Are there any errors in my policy bank? Or any ideas?
> Thanks,
> Michael
How do you bounce a message with a null reverse-path?
Gary V
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
