Hi List,
Yesterday I noticed that our SMTP server was rejecting emails with MS Office
attachments, particularly .XLS and .DOC and even PDF files.
Here is a sample report from amavisd-new:
--snip--
No viruses were found.
Banned name: multipart/mixed | application/vnd.ms-excel,.doc,080310.xls
Content type: Banned
Internal reference code for the message is 14883-14/6bkgbyl9Wu6l
First upstream SMTP client IP address: [xx.x.x.xxx] unknown
According to a 'Received:' trace, the message originated at:
[xxx.xxx.xxx.xxx],
Return-Path: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
X-Mailer: AL-Mail32 Version 1.13
Message-ID: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Subject: details of the schedule of payment(February)
Not quarantined.
The message WAS NOT relayed to:
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>:
554 5.7.0 Reject, id=14883-14 - BANNED: multipart/mixed |
application/vnd.ms-excel,.doc,080310.xls
--snip--
And this is my "$banned_namepath_re" entry in amavisd.conf:
--snip--
qr'(?# BLOCK Microsoft EXECUTABLES and DLL )
^ (.*\t)? T=(exe-ms|dll) (\t.*)? $'xm, # banned file(1) types,
rudimentary
qr'(?# BLOCK ANY EXECUTABLE )
^ (.*\t)? T=exe (\t.*)? $'xm, # banned file(1) type
qr'(?# BLOCK THESE TYPES )
^ (.*\t)? T=(exe|tnef|dll) (\t.*)? $'xm, # banned file(1) types
[ qr'(?#rule-3) ^ (.*\t)? T=(gz|bz2) (\t.*)? $'xmi => 0 ], # allow
[ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio|lha|lzh|lhz|LZH|LHZ) (\t.*)? $'xmi
=> 0 ], # allow
qr'(?# BLOCK COMMON NAME EXENSIONS )
^ (.*\t)? N= [^\t\n]* \. (pif|scr) (\t.*)? $'xmi,
# block certain double extensions in filenames
qr'(?# BLOCK DOUBLE-EXTENSIONS )
^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \. \ *
(exe|vbs|pif|scr|bat|cmd|com|cpl|dll) [. ]* (\t.*)? $'xmi,
# banned filename extensions (in suggested names) anywhere - basic
qr'(?# BLOCK COMMON NAME EXENSIONS )
^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|cpl) (\t.*)? $'xmi,
# # banned filename extensions (in suggested names) anywhere - basic+cmd
qr'(?# BLOCK COMMON NAME EXENSIONS )
^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|cpl|bat|cmd|com) (\t.*)?
$'xmi,
# # banned filename extensions (in suggested names) anywhere - long
qr'(?# BLOCK MORE NAME EXTENSIONS )
^ (.*\t)? N= [^\t\n]* \. (
bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
inf|ins|isp|js|jse|lnk|mdw|mdt|mdz|msc|msi|msp|mst|
ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
wmf|wsc|wsf|wsh|mp3|wav|ogg|ac3|wma|mp4) (\t.*)? $'xmi,
);
--snip--
I cant seem to see why the MS Office files are being blocked.
My file utility is 4.17, and running file against these XLS files returns as
"Microsoft Office Document".
thanks in advance,
Kenneth
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
