Jeffrey,

> I have encountered a problem with amavisd and Convert::UUlib that
> makes it difficult to send messages with attachments containing DNA
> data.
>
> The content of these DNA files is very close to base64 (it would match
> a character class like [\n0-9>A-Z] ). UUlib picks out substrings of this
> data and turns them into binary files. One of these files had the
> misfortune of having file magic that matched a PDP-11 executable.
> My amavisd setup blocked the message.
>
> Has anyone encountered a similar problem with amavisd/uulib?

Yes, the Convert::UUlib is a rather troubled module and
its underlying library is practically unmaintained.
Besides sometimes being overly trigger-happy, it also has
a history of security problems. On the bright side, it
did help on occasion in the past where an obfuscated malware
was being propagated.

Perhaps it would nowadays be appropriate to turn it off by default
(comment out lines in a @decoders list invoking a 'do_ascii',
or replace the whole list in amavisd.conf).

A normal uuencoded attachment would still be recognized and
decoded by the MIME::Parser.

Regarding banning of executables, I only block file type .ms-exe
(and not just any file type .exe), and block file names with an
exe extension. I don't think blocking executables for other
architectures is warranted.

  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'.\.(exe|vbs|pif|scr|cpl)$'i,         # banned extension - basic

> It is possible that someone engineered a gene sequence with a hidden PDP-11
> executable, but this seems unlikely and I don't have a PDP-11 to test the
> output on. :)

You don't need the hardware, a 'simh' (http://simh.trailing-edge.com/)
is a nice emulator of PDP-11, VAX and other nice historical architectures  :)

  Mark
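
[Added example, not part of Mark's message or of amavisd itself.] The banned rules quoted above, run against three constructed parts to show why the narrower `exe-ms` rule lets a fragment typed as a non-Windows executable through while the commented-out `exe` rule would block it. The regexes are transcribed from the message into Python; the attribute lists (short types, MIME types, names) are assumptions about what a content filter would present for each part.

```python
import re

# Rules as quoted in the message (Perl qr'...' transcribed to Python re).
ACTIVE_RULES = [
    re.compile(r'^\.(exe-ms|dll)$'),                  # banned file(1) types, rudimentary
    re.compile(r'^application/x-msdownload$', re.I),  # block these MIME types
    re.compile(r'^application/x-msdos-program$', re.I),
    re.compile(r'.\.(exe|vbs|pif|scr|cpl)$', re.I),   # banned extension - basic
]
# The broader rule that is commented out in the message.
BROAD_RULES = [re.compile(r'^\.(exe|lha|tnef|cab|dll)$')]

# Constructed sample parts. Assumption: each part is described by a list of
# attributes (dot-prefixed short file types, declared MIME type, file name),
# any executable gets the generic ".exe" type, and only Windows/DOS
# executables also get ".exe-ms".
PARTS = {
    "uulib_fragment": [".exe", "application/octet-stream", "p004"],
    "windows_pe": [".exe", ".exe-ms", "application/x-msdownload", "setup.exe"],
    "fasta_text": [".asc", "text/plain", "sample.fasta"],
}

def banned_by(rules, attributes):
    """Return (attribute, pattern) for the first rule hit, or None."""
    for attr in attributes:
        for rx in rules:
            if rx.search(attr):
                return attr, rx.pattern
    return None

def report():
    """Map each sample part to its verdict under both rule sets."""
    return {
        name: {
            "active": banned_by(ACTIVE_RULES, attrs),
            "broad": banned_by(BROAD_RULES, attrs),
        }
        for name, attrs in PARTS.items()
    }

if __name__ == "__main__":
    for name, verdicts in report().items():
        print(name, verdicts)
```
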

_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/