Hi Mark,
I'm using gentoo. It's the 2.3.3-r2 version from gentoo, with the patch
for LDAP amavisBannedRuleNames applied. I did a diff against 2.3.3:
diff -urN /usr/sbin/amavisd amavisd
--- /usr/sbin/amavisd 2006-02-02 13:59:11.000000000 -0200
+++ amavisd 2005-08-21 20:46:15.000000000 -0300
@@ -4718,7 +4718,7 @@
$via =~ /^bsmtp:(.*)\z/si or die "Bad fwd method: $via";
my($bsmtp_file_final) = $1; my($mbxname);
my($s) = $msginfo->sender; # defanged sender name for use in filename
- $s =~ tr/[EMAIL PROTECTED]/=/c;
+ $s =~ tr/[EMAIL PROTECTED]/=/c;
$s = substr($s,0,100)."..." if length($s) > 100+3;
$s =~ s/\@/_at_/g; $s =~ s/^(\.{0,2})\z/_$1/g;
$bsmtp_file_final =~ s{%(.)}
@@ -6281,7 +6281,7 @@
'sender-quarantine' =>
sub { my($s) = $MSGINFO->sender;
$s = substr($s,0,100)."..." if length($s) > 100+3;
- $s =~ tr/[EMAIL PROTECTED]/=/c; $s =~ s/\@/_at_/g;
+ $s =~ tr/[EMAIL PROTECTED]/=/c; $s =~ s/\@/_at_/g;
$s = untaint($s) if $s =~ /^(?:[a-zA-Z0-9%=._+-]+)\z/; #
untaint
($QUARANTINEDIR, "sender-$s-%m.gz"); # suggested file name
},
@@ -6675,7 +6675,7 @@
unshift(@Amavis::Conf::spam_admin_maps,
$lf->('amavisSpamAdmin', 'S-'));
unshift(@Amavis::Conf::banned_admin_maps,
$lf->('amavisBannedAdmin', 'S-'));
unshift(@Amavis::Conf::bad_header_admin_maps,
$lf->('amavisBadHeaderAdmin', 'S-'));
- unshift(@Amavis::Conf::banned_filename_maps,
$lf->('amavisBannedRuleNames', 'S-'));
+ unshift(@Amavis::Conf::banned_filename_maps,
$lf->('amavisBannedRuleNames', 'L-'));
section_time('ldap-prepare');
}
if (defined $sql_policy && !$implicit_maps_inserted) {
@@ -10743,7 +10743,9 @@
amavisBadHeaderAdmin amavisBannedRuleNames
);
- @mv_ldap_attrs = qw(amavisBlacklistSender amavisWhitelistSender);
+ @mv_ldap_attrs = qw(amavisBlacklistSender amavisWhitelistSender
+ amavisBannedRuleNames
+ );
}
And I tried with loglevel = 5. $banned_namepath_re is default (I think
is undef). I also tried setting with undef.
Mar 30 00:52:18 tatooine amavis[17153]: (17153-01) lookup
(bypass_banned_checks) => false, "<email>" matches, result="0",
matching_key="/cached/"
Mar 30 00:52:18 tatooine amavis[17153]: (17153-01)
lookup_ldap_attr(amavisbannedrulenames), no attribute, "<email>"
result=undef
Mar 30 00:52:18 tatooine amavis[17153]: (17153-01) query_keys: <email>,
......
Mar 30 00:52:18 tatooine amavis[17153]: (17153-01) lookup_hash(<email>)
matches keys: "."=>DEFAULT
Mar 30 00:52:18 tatooine amavis[17153]: (17153-01) lookup
(banned_filename), 1 matches for "<email>", results: "."=>"DEFAULT"
Mar 30 00:52:18 tatooine amavis[17153]: (17153-01) collect banned
table[0]: <email>, tables:
Mar 30 00:52:18 tatooine amavis[17153]: (17153-01) skipping banned
check: no applicable lookup tables
Mar 30 00:52:18 tatooine amavis[17153]: (17153-01) banned check: any=0,
all=N (1)
Thanks in advance,
Aury
Mark Martinec wrote:
Aury,
I'm having problems to make banned_filename_maps and banned_rules work.
I'm using:
%banned_rules = (
'DEFAULT' => $banned_filename_re
);
@banned_filename_maps = ( { '.' => 'DEFAULT' } );
This allows a file called upx.exe to pass, and this isn't allowed by
banned_filename_re, and the sender isn't whitelisted and
bypass_banned_checks isn't set.
Looks fine. I just tried what you did, and it does work here.
Which version of amavisd-new was that?
I assume $banned_namepath_re=undef;
(btw, whitelisting has no effect on ban checks, it only controld spam checks)
At log level 5 look for the following sequence:
(17905-11) lookup_hash(<email>) matches keys: "."=>DEFAULT
(17905-11) lookup (banned_filename), 1 matches for "<email>", results:
"."=>"DEFAULT"
(17905-11) collect banned table[0]: <email>, tables:
DEFAULT=>Amavis::Lookup::RE=ARRAY(...)
(17905-11) starting banned checks - traversing message structure tree
(17905-11) check_for_banned (p004,p003) multipart/related |
audio/x-wav,.exe,.exe-ms,message.scr
(17905-11) doing banned check for <email> on multipart/related |
audio/x-wav,.exe,.exe-ms,message.scr
(17905-11)
lookup_re(["multipart/related","audio/x-wav",".exe",".exe-ms","message.scr"])
matches key "(?i-xsm:..(exe|vbs|pif|scr|bat|cmd|com|cpl)$)", result="1"
(17905-11) lookup (check_bann:[EMAIL PROTECTED]) => true,
["multipart/related","audio/x-wav",".exe",".exe-ms","message.scr"] matches,
result="1", matching_key="(?i-xsm:.\\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$)"
(17905-11) p.path BANNED:1 <email>: "P=p004,L=1,M=multipart/related |
P=p003,L=1/2,M=audio/x-wav,T=exe,T=exe-ms,N=message.scr",
matching_key="(?i-xsm:.\\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$)"
Mark
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/