David,
> I want to block pps file and other file only for policy bank
AM.PDP-SOCK
> this the policy bank config
> $policy_bank{'AM.PDP-SOCK'} = {
> protocol => 'AM.PDP',
> notify_method => 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f
${sender} -- ${recipient}',
> auth_required_release => 0,
> bypass_banned_checks_maps => [0],
> banned_filename_re = new_RE(\qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl|
pps|doc)$'i),
> };
>
> but this did not working, see logs below,
It doesn't work because banned_filename_re is not a member of policy
banks and is
ignored. You'd need to give a banning policy a name and use
@banned_filename_maps,
e.g.:
%banned_rules = (
'NO-VIDEO' => new_RE( qr'^\.movie$',
qr'.\.(asf|asx|mpg|mpe|mpeg|avi|mp3|wav|wma|wmf|wmv|mov|vob)$'i, ),
'NO-MOVIES' => new_RE( qr'^\.movie$', qr'.\.(mpg|avi|mov)$'i, ),
'NO-PPS' => new_RE(\qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl|pps|
doc)$'i),
'DEFAULT' => $banned_filename_re,
);
$policy_bank{'AM.PDP-SOCK'} = {
protocol => 'AM.PDP',
...
banned_filename_maps => ['NO-PPS'],
};
Mark
------------------------------------------------------------------------------
dear
I have made this configuration :
%banned_rules = ('GENERAL' => new_RE(\qr'.\.(pps|doc)$'i));
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
originating => 1, # is true in MYNETS by default, but let's make it
explicit
os_fingerprint_method => undef, # don't query p0f for internal clients
banned_filename_maps => ['GENERAL'],
};
$policy_bank{'AM.PDP-SOCK'} = {
protocol => 'AM.PDP',
notify_method => 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f
${sender} -- ${recipient}', auth_required_release => 0, # do not
require secret_id for amavisd-release
banned_filename_maps => ['GENERAL'],
};
but the pps file is not blocked.. see the log :
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) lookup, 1 matches for "ma...@touzeau.com", results:
"(constant:GENERAL)"=>"GENERAL"
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) collect banned table[0]: ma...@touzeau.com, tables:
GENERAL=>Amavis::Lookup::RE=ARRAY(0x96f4938)
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) starting banned checks - traversing message structure tree
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) check_for_banned (p003,p001) multipart/mixed | text/plain,.asc
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) doing banned check for ma...@touzeau.com on multipart/mixed |
text/plain,.asc
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) lookup_re(["multipart/mixed","text/plain",".asc"]), no matches
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) lookup [check_bann:ma...@touzeau.com] => undef,
["multipart/mixed","text/plain",".asc"] does not match
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) lookup [banned_namepath_re] => undef, "P=p003\tL=1
\tM=multipart/mixed\nP=p001\tL=1/1\tM=text/plain\tT=asc" does not match
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) p.path ma...@touzeau.com: "P=p003,L=1,M=multipart/mixed |
P=p001,L=1/1,M=text/plain,T=asc"
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) check_for_banned (p003,p002) multipart/mixed |
application/vnd.ms-powerpoint,.dat,exes.pps
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) doing banned check for ma...@touzeau.com on multipart/mixed |
application/vnd.ms-powerpoint,.dat,exes.pps
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722)
lookup_re(["multipart/mixed","application/vnd.ms-powerpoint",".dat","exes.pps"]),
no matches
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) lookup [check_bann:ma...@touzeau.com] => undef,
["multipart/mixed","application/vnd.ms-powerpoint",".dat","exes.pps"]
does not match
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) lookup [banned_namepath_re] => undef, "P=p003\tL=1
\tM=multipart/mixed\nP=p002\tL=1/2\tM=application/vnd.ms-powerpoint
\tT=dat\tN=exes.pps" does not match
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) p.path ma...@touzeau.com: "P=p003,L=1,M=multipart/mixed |
P=p002,L=1/2,M=application/vnd.ms-powerpoint,T=dat,N=exes.pps"
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) banned check: any=0, all=N (1)
May 23 01:13:48 dtouzeau-desktop.local /usr/local/sbin/amavisd[722]:
(00722) lookup_re("MAIL"), no matches
------------------------------------------------------------------------------
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot
org
