Hello,

I'm trying to set up smtp-vilter-1.3.6p0 with sendmail on 4.1_STABLE.
smtp-vilter works with the regex and the clamd backend but _not_ with the "attachment" backend.
(For this test I temporarily disabled the clamd backend, as it is working nicely!)

I'm sending a mail with a .ppt attachment; as defined in the attachment.conf file, it should be marked as unwanted content!
Unfortunately it isn't ....
I tried many different combinations, restarting, reloading etc ... adding other unwanted file extensions, but the attachments are always declared valid, whatever I try !!!

Below you will find the different config files and smtp-vilter running in verbose mode while receiving an email containing unwanted content (undetected by smtp-vilter).

Thank you very much for helping!!!
kind regards
didier

Here is a sample mail, that should have been marked as containing unwanted content:
---
>From [EMAIL PROTECTED] Thu Apr 5 13:04:56 2007
Content-return: prohibited
Date: Thu, 05 Apr 2007 13:04:47 +0200
From: Didier Wiroth <[EMAIL PROTECTED]>
Subject: <No Subject>
To: Didier <[EMAIL PROTECTED]>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_/CT8fSiDCvtRjkDQZOdk7Q)"
X-SMTP-Vilter-Version: 1.3.6
X-SMTP-Vilter-Unwanted-Backend: attachment
X-SMTP-Vilter-Unwanted-Backend: regex
X-SMTP-Vilter-regex-Unwanted-Status: clean
X-SMTP-Vilter-attachment-Unwanted-Status: clean

--Boundary_(ID_/CT8fSiDCvtRjkDQZOdk7Q)
Content-type: multipart/alternative; boundary="Boundary_(ID_efxiFmA88sy9/oI8ADc4yQ)"

--Boundary_(ID_efxiFmA88sy9/oI8ADc4yQ)
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT

--Boundary_(ID_efxiFmA88sy9/oI8ADc4yQ)
Content-type: TEXT/HTML; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3059" name=GENERATOR></HEAD>
<BODY>
<DIV> </DIV></BODY></HTML>

--Boundary_(ID_efxiFmA88sy9/oI8ADc4yQ)--

--Boundary_(ID_/CT8fSiDCvtRjkDQZOdk7Q)
Content-type: APPLICATION/vnd.ms-powerpoint; NAME=Presentation1.ppt
Content-transfer-encoding: BASE64
Content-disposition: attachment; filename=Presentation1.ppt
Content-description: Presentation1.ppt

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAB
AAAADwAAAAAAAAAAEAAAEQAAAAEAAAD+////AAAAABAAAAD/////////////
////////////////////////////////////////////////////////////
etc etc ...
----------------end snip----------

--- smtp-vilter.conf
user=_vilter
group=_vilter
chroot=/var/smtp-vilter
tmpfiles=g+r
tmpfiles=setgrp
backend-path=/usr/local/lib/smtp-vilter
backend=regex,attachment,clamd
config-file=clamd:/etc/smtp-vilter/clamd.conf
config-file=spamd:/etc/smtp-vilter/spamd.conf
config-file=icap:/etc/smtp-vilter/icap.conf
config-file=attachment:/etc/smtp-vilter/attachment.conf
config-file=regex:/etc/smtp-vilter/regex.conf
virus-strategy=notify-recipient
recipient-notification=/etc/smtp-vilter/recipient-notification
spam-strategy=mark
spam-subject-prefix="* SPAM *"
spam-header="X-Its-A-Nuisance: This is spam"
unwanted-strategy=mark
error-strategy=mark
port=unix:/var/run/smtp-vilter.sock
tmpdir=/tmp
log-facility=mail
logfile=/var/log/smtp-vilter.log
statfile=/var/log/stats
option=logvirus
option=logspam
option=logunwanted
option=logall
option=markall

--- /etc/smtp-vilter/attachment.conf
case-sensitive=false
unwanted-filename=".*\.exe$"
unwanted-filename=".*\.bat$"
unwanted-filename=".*\.pif$"
unwanted-filename=".*\.ppt$"
unwanted-filename=".*\.com$"
unwanted-filename=".*\.url$"
unwanted-content-type="application/octet-stream"
unwanted-content-type="image/.*"
attachment-notification="/etc/smtp-vilter/attachment-notification"

--- smtp-vilter running verbose and receiving an email with unwanted .ppt content, but not detecting it:
# /usr/local/sbin/smtp-vilter -v
smtp-vilter: config-file for unused backend clamd defined
smtp-vilter: config-file for unused backend spamd defined
smtp-vilter: config-file for unused backend icap defined
smtp-vilter: loading backend regex from file /usr/local/lib/smtp-vilter/vilter-regex.so
smtp-vilter: regex: vilter_init()
smtp-vilter: regex: using configuration from file /etc/smtp-vilter/regex.conf
smtp-vilter: regex: adding unwanted header pattern From: [EMAIL PROTECTED]
smtp-vilter: regex: adding unwanted header pattern From: [EMAIL PROTECTED]
smtp-vilter: regex: adding unwanted body pattern Philip Potocki
smtp-vilter: regex: adding unwanted body pattern Ralph Lewin
smtp-vilter: regex: vilter_init() return
smtp-vilter: loading backend attachment from file /usr/local/lib/smtp-vilter/vilter-attachment.so
smtp-vilter: attachment: vilter_init()
smtp-vilter: attachment: using configuration from file /etc/smtp-vilter/attachment.conf
smtp-vilter: attachment: adding unwanted filename pattern .*\.exe$
smtp-vilter: attachment: adding unwanted filename pattern .*\.bat$
smtp-vilter: attachment: adding unwanted filename pattern .*\.pif$
smtp-vilter: attachment: adding unwanted filename pattern .*\.ppt$
smtp-vilter: attachment: adding unwanted filename pattern .*\.com$
smtp-vilter: attachment: adding unwanted filename pattern .*\.url$
smtp-vilter: attachment: adding unwanted content-type pattern application/octet-stream
smtp-vilter: attachment: adding unwanted content-type pattern image/.*
smtp-vilter: attachment: vilter_init() return
smtp-vilter: start unprivileged child process
smtp-vilter[11290]: dropped privileges, running as 538:538
smtp-vilter: connect from: mail.bogus.lu
smtp-vilter: connection setup
smtp-vilter: helo from: mail.bogus.lu
smtp-vilter: envelope sender: <[EMAIL PROTECTED]>
smtp-vilter: message setup
smtp-vilter: envelope recipient: <[EMAIL PROTECTED]>
smtp-vilter: scanning for unwanted content using backend regex
smtp-vilter[11290]: message contains no unwanted content
smtp-vilter: scanning for unwanted content using backend attachment
smtp-vilter: attachment: will skip 0 attachments
smtp-vilter[11290]: message contains no unwanted content
smtp-vilter: message cleanup
smtp-vilter: closing connection with mail.bogus.lu
smtp-vilter: connection cleanup
smtp-vilter: received statistics from child process
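An independent cross-check of the attachment.conf patterns against the sample message, as an added example that is not part of the original post and is not smtp-vilter code. It uses Python's standard email parser; `find_unwanted`, the use of `re.search`, and the shortened sample message are assumptions made for illustration. It shows only whether the configured patterns match the attachment's filename and content type, not how the attachment backend itself walks the message.

```python
import re
from email import message_from_string

# Patterns copied from the attachment.conf shown in the post.
UNWANTED_FILENAME = [r".*\.exe$", r".*\.bat$", r".*\.pif$", r".*\.ppt$",
                     r".*\.com$", r".*\.url$"]
UNWANTED_CONTENT_TYPE = [r"application/octet-stream", r"image/.*"]

# Constructed sample: MIME headers as in the post, boundary and body shortened.
SAMPLE = """\
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_outer)"

--Boundary_(ID_outer)
Content-type: TEXT/PLAIN; CHARSET=US-ASCII

hello
--Boundary_(ID_outer)
Content-type: APPLICATION/vnd.ms-powerpoint; NAME=Presentation1.ppt
Content-transfer-encoding: BASE64
Content-disposition: attachment; filename=Presentation1.ppt

0M8R4KGxGuEAAAAA
--Boundary_(ID_outer)--
"""

def find_unwanted(raw, case_sensitive=False):  # default mirrors case-sensitive=false
    """Return (content type, filename, matched pattern) for every policy hit."""
    flags = 0 if case_sensitive else re.IGNORECASE
    hits = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()  # normalised to lower case
        # get_filename() reads Content-Disposition filename= and falls back to
        # the Content-Type name= parameter; unquoted tokens are accepted.
        fname = part.get_filename()
        for pat in UNWANTED_FILENAME:
            if fname and re.search(pat, fname, flags):
                hits.append((ctype, fname, pat))
        for pat in UNWANTED_CONTENT_TYPE:
            if re.search(pat, ctype, flags):
                hits.append((ctype, fname, pat))
    return hits

if __name__ == "__main__":
    for hit in find_unwanted(SAMPLE):
        print(hit)
```
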

