* Hiroyuki Sato <[email protected]>: > Hello, members. > > I would like to confirm Amavisd "BANNED" behavior. > (I'm investigating why this configuration removes mail contents which > judged "BANNED" status.) > But I can't reproduce that status with my sample > file(Eicar-Test-Signature). It reports "INFECTED" status.
amavis tests for virii before it tests for banned files. If it detects a virus it will not test for any other content class, e.g. banned, anymore. That's why your EICAR test pattern triggers INFECTED and not BANNED in the log. Send yourself a file with a different suffix (filename) or MIME type *and* don't forget to specify the --attach-filename, if you use swaks or filename rules in @banned_rules will fail: $ swaks -f [email protected] -t [email protected] -s 127.0.0.1 \ --attach-type 'application/octet-stream' --attach-filename 'test.exe' \ --attach - --suppress-data </tmp/test.exe p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein
