> Remember that defanging does not modify the original banned file. If > it was malicious when it was sent, it is still malicious as it sits in > the user's inbox.
I understand that. For my purposes, this is the desired behavior. > How are you viewing the test message? If viewing from an MUA, the body > of the message would have "WARNING: contains banned part" and the > original message would be wrapped in an attachment. Which MUA are you > using? I'm viewing it in Thunderbird. I've also tried sending it to gmail with the same result. The header indicates the message contained a banned file (.jon is the extension I'm using for testing): X-Amavis-Alert: BANNED, message contains part: multipart/mixed | application/octet-stream,.exe,.exe-unix,test.jon However, the rest of the message is unchanged. No warning in the body, and no wrapping of the original message. > I have been working on a document that offers advice on this subject. > I'm still working on it so I would appreciate comments/corrections by > those familiar with the subject. Option 1 and option 10 should apply. > http://www200.pair.com/mecham/spam/bypassing.html Thank you. Option 1 works well for local hosts. FYI this document is geared to postfix. I'm using sendmail with amavisd-milter. The option still works though. Amavisd-milter must be passing the IP to amavis-new. Option 10, I think, will be more difficult (authenticated non-local hosts). I'm using TLS on ports 25 and 2500, and SSL on ports 465 and 4650. I know milters have the capability of determining whether or not someone authenticated because there is Milter Macro for it called auth_authen. Another milter I use, milter-greylist uses this to determine if the user authenticated and to not delay them if they have. Does amavis-new have the capability of picking up on this? Would it be appropriate for it to be able to do so if used in conjunction with amavisd-milter? If so, I could ask the amavisd-milter developers to add support for it. Gary V wrote: > junk wrote: > >> I'm trying to warn users about potentially banned files. To do this I >> want amavis to defang messages with banned files and then pass the >> messages to users. Using the following options, the messages are being >> passed, but not defanged: > >> $final_banned_destiny = D_PASS; >> $defang_banned = 1; > >> I'm confused because the comments near defang_banned state: > >> # Defanging is only done when enabled (selectively by malware type), >> # and mail is considered malware (virus/spam/...), and the malware is >> allowed >> # to pass (*_lovers or *_destiny=D_PASS) > >> It is my understanding that $defang_banned = 1 enables defanging, and >> $final_banned_destiny is allowing it to pass. The header in a test >> message indicates a banned file was indeed detected. > > How are you viewing the test message? If viewing from an MUA, the body > of the message would have "WARNING: contains banned part" and the > original message would be wrapped in an attachment. Which MUA are you > using? > > Gary V > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > AMaViS-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
