We've had a rule in place (in $banned_namepath_re) to block zip files
by name. Trying to do it in amavisd-new (instead of postfix) so that
if it was something legit, we could at least release it from the
quarantine. Because it's generally not a good idea to just /dev/null
folks' email, we had banned files do a BOUNCE.

$final_banned_destiny     = D_BOUNCE;

Well, then came the stock scams that were zipped. That subsided, but
now it's this strange business of zip files that are really rar. Any
way to just DISCARD these instead?

  BANNED: P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/octet-stream,T=rar,N=Text.zip

Would it be something like this?

  #### stock spam mess.
  [ qr'(?# ZIP THAT IS REALLY RAR)
     \A (.*\t)? T=rar
        \t(.*\t)* N= [^\t\n]* \. zip
        (\t.*)? $'xmi => 'DISCARD' ],

_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
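
An offline check of the rule asked about above, as an added example that is not part of the original post or of amavisd-new: it runs the posted regex and a hypothetical `^`-anchored variant against a constructed namepath for the logged message and against a constructed control (a genuine zip). It assumes the namepath amavisd-new matches against has one line per part, root first, with tab-separated attributes; in Perl, `\A` matches only at the start of the whole string even under /m, while `^` matches at the start of each line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed namepath for the logged message. Assumption: one line per
# MIME/archive node (root first), attributes separated by tabs; the log
# shows the same data with " | " and "," as separators.
my $rar_as_zip = join("\n",
    join("\t", 'P=p003', 'L=1',   'M=multipart/mixed'),
    join("\t", 'P=p002', 'L=1/2', 'M=application/octet-stream',
               'T=rar', 'N=Text.zip'),
);

# Constructed control: a genuine zip with a .zip name must not be caught.
my $real_zip = join("\n",
    join("\t", 'P=p003', 'L=1',   'M=multipart/mixed'),
    join("\t", 'P=p002', 'L=1/2', 'M=application/zip',
               'T=zip', 'N=Report.zip'),
);

my @rules = (
    # The regex exactly as posted: \A pins the match to the first line.
    [ 'as posted (\A)' => qr'(?# ZIP THAT IS REALLY RAR)
         \A (.*\t)? T=rar
            \t(.*\t)* N= [^\t\n]* \. zip
            (\t.*)? $'xmi ],
    # Hypothetical variant: ^ with /m lets any line (any node) match.
    [ 'variant (^)' => qr'(?# ZIP THAT IS REALLY RAR)
         ^ (.*\t)? T=rar
            \t(.*\t)* N= [^\t\n]* \. zip
            (\t.*)? $'xmi ],
);

# Return 1 if the rule matches the namepath, 0 otherwise.
sub matches {
    my ($re, $path) = @_;
    return $path =~ $re ? 1 : 0;
}

for my $rule (@rules) {
    my ($label, $re) = @$rule;
    printf "%-16s rar-named-zip=%d real-zip=%d\n",
        $label, matches($re, $rar_as_zip), matches($re, $real_zip);
}
```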