Michael Scheidell wrote:
> oh, and one more thing.. I think didn't you need to NOT do this for
> 'file' to be able to decode?
> and I got the same security tests to work with this:
>
> $bypass_decode_parts = 0;
>
and, it looks like an executable renamed bad.exe.txt isn't caught as a exe.
(but I think I broke that sometime before)
so, reviewing RELEASE_NOTES:
COMPATIBILITY WITH 2.5.0
- setting $bypass_decode_parts to true now also disables MIME decoding
(see below);
- setting $bypass_decode_parts to true now also disables MIME decoding,
not just decoders/dearchivers listed in a @decoders list, and also
implicitly retains full original message for virus checking, equivalent
to having a regular expression /^MAIL$/ in a @keep_decoded_original_maps
list; prompted by Bill Landry;
and:
# set $bypass_decode_parts to true if you only do spam scanning, or if you
# have a good virus scanner that can deal with compression and recursively
# unpacking archives by itself, and save amavisd the trouble.
# Disabling decoding also causes banned_files checking NOT to see MIME types
# and content classification types as provided by the file(1) utility.
# It is a double-edged sword, make sure you know what you are doing!
#
#$bypass_decode_parts = 1; # (defaults to false)
(but I have it at 0)
and baned_files checking did NOT see the .exe type.
> Michael Scheidell wrote:
>> just to confirm, with 2.6.3, to make mime->clamav (happy), and let
>> pen pals still work, all we need is:
>>
>> @decoders = ();
>> @keep_decoded_original_maps = (new_RE( qr'^MAIL$' ));
>>
>
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. Velocity features a full day of
expert-led, hands-on workshops and two days of sessions from industry
leaders in dedicated Performance & Operations tracks. Use code vel09scf
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
