Hi All,
I've noticed a few instances of the relatively new "dumaru worm" passing
through amavisd-new and clamd AV. I thought all exe files were being
blocked by amavis, but in testing I've discovered that contrary to my
conf file comments, " If any mail part matches, the whole mail is
rejected, much like the way viruses are handled", the banned extensions
are not being deleted but sent, and followed by a warning...
BANNED FILENAME ALERT
Our content checker found
test.exe
The conf file states that...
"file content type as guessed by 'file' utility, both the raw
# result from 'file', as well as short type name, classified
# into names such as .asc, .txt, .html, .doc, .jpg, .pdf,
# .zip, .exe, ... - see subroutine determine_file_types().
# This step is done only if $bypass_decode_parts is not true."
And in the conf file
$bypass_decode_parts = 0;
The system administrator also receives notification that the email with
banned extension has been delivered.
I'm hoping someone can tell me where this is being switched wrong.
I'm using amavisd-new-20021227-p1 on debian testing distro.
Thanks in advance!
Lewis Shobbrook
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users