Pavel,
> is there a parameter like 'sa_mail_body_size_limit' for antivirus
> checks? I don't want our Clamav scanning 20MB 'funny' pictures' archives
> being sent by our users.
amavisd.conf-sample:
# Resource limits to protect unpackers, decompressors and virus scanners
# against mail bombs (e.g. 42.zip)
# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14; # (default is undef, no limit)
# Maximum number of extracted files (0 or undef disables the limit)
$MAXFILES = 1500; # (default is undef, no limit)
# For the cumulative total of all decoded mail parts we set max storage size
# to defend against mail bombs. Even though parts may be deleted (replaced
# by decoded text) during decoding, the size they occupied is _not_ returned
# to the quota pool.
#
# Parameters to storage quota formula for unpacking/decoding/decompressing
# Formula:
# quota = max($MIN_EXPANSION_QUOTA,
# $mail_size*$MIN_EXPANSION_FACTOR,
# min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
# In plain words (later condition overrules previous ones):
# allow MAX_EXPANSION_FACTOR times initial mail size,
# but not more than MAX_EXPANSION_QUOTA,
# but not less than MIN_EXPANSION_FACTOR times initial mail size,
# but never less than MIN_EXPANSION_QUOTA
#
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (default is 5)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (default is 500)
amavisd-new-20021116 release notes:
- new defense against mail bombs: for the cumulative total of all
decoded mail parts we set max storage size. The formula is:
quota = max($MIN_EXPANSION_QUOTA,
$mail_size*$MIN_EXPANSION_FACTOR,
min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
In plain words (later condition overrules previous ones):
allow MAX_EXPANSION_FACTOR times initial mail size,
but not more than MAX_EXPANSION_QUOTA,
but not less than MIN_EXPANSION_FACTOR times initial mail size,
but never less than MIN_EXPANSION_QUOTA
- if the permitted quota is exceeded (or the defense triggered by other
similar safeguards), the virus scanning is skipped to protect the
virus scanner from tripping over the mail bomb, a header field
is inserted:
X-Amavis-Hold: ... reason ...
and a log entry 'Placing on HOLD: reason' at level 0 is produced.
Also the temporary directory is preserved.
The 'X-Amavis-Hold: ...' header field can be used by your MTA to
put the message 'on hold' (freeze). If MTA is not set up to catch
messages with this tag (the default), they are passed normally to
recipients. This is likely to be the best action under the circumstances.
Mark
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
