On 2/16/08, Christopher J Shaker wrote:
> You may all know about this, but it was new to me.
>
> Found a persistent spammer was sending email to my domain without
> any score information from amavis-new.
>
> After trying several possibilities, I finally realized that he was sending
> the email with a hand crafted 'X-Virus-Scanned' header that was identical
> to what my Amavis-new would have added.
>
> That seems to bypass scanning with Amavis-new!
>
> I've temporarily added a filter to my postfix header_checks file to reject
> messages coming into my server that already have the X-Virus-Scanned
> header added to them. This is not a good solution, because it also blocks
> my outgoing email.
>
> Has anyone else run into this?
>
> Thank you,
> Chris Shaker

This is not a definitive answer, but in my experience amavisd-new would not bypass itself because of a previous X-Virus-Scanned header. BTW, you can tell amavisd-new to remove these headers by setting:

  $remove_existing_x_scanned_headers = 1;  # default is to leave these alone.

It's more likely you already have a header_check that checks for the X-Virus-Scanned header and then uses a FILTER directive to bypass amavisd-new. I would check for that. My guess is you created this in order to bypass scanning for outbound mail, but this would not be a good approach. A better approach would be to use a policy bank. However, I am guessing here.

http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks
http://www200.pair.com/mecham/spam/bypassing.html

--
Gary V

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
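
One way to run the check suggested in the reply, as an added example that is not part of the original thread: the script below audits a Postfix header_checks table for rules that hand mail to a different FILTER destination merely because an X-Virus-Scanned header is present. The table contents, the sample header and the port are constructed; Python's `re` only approximates Postfix regexp/pcre matching, and `if`/`endif` blocks and negated rules are not handled.

```python
import re

# Constructed sample header; any remote sender can put this in a message.
SPOOFED = "X-Virus-Scanned: amavisd-new at example.com"
# Constructed header_checks content (Postfix regexp/pcre table syntax).
SAMPLE_TABLE = """\
# "already scanned" shortcut intended for outbound mail
/^X-Virus-Scanned: amavisd-new/ FILTER smtp:[127.0.0.1]:10025
/^Subject: .*viagra/
    REJECT spam subject
/^X-Virus-Scanned:/ REJECT forged scanner header
"""

RULE = re.compile(r"^/(?P<pat>(?:\\.|[^/\\])*)/(?P<flags>[a-zA-Z]*)\s+"
                  r"(?P<action>\S+)\s*(?P<arg>.*)$")

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text, header=SPOOFED):
    """Return (pattern, action, argument) for every rule matching the header."""
    hits = []
    for line in logical_lines(text):
        m = RULE.match(line)
        if not m:
            continue  # if/endif blocks and negated rules are out of scope
        # Postfix matches case-insensitively by default; the 'i' flag toggles it.
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        try:
            if re.search(m["pat"], header, flags):
                hits.append((m["pat"], m["action"].upper(), m["arg"]))
        except re.error:
            pass  # pattern uses syntax Python's re does not accept
    return hits

def bypass_rules(text):
    """Rules that reroute mail (FILTER) purely because a forgeable header exists."""
    return [h for h in audit(text) if h[1] == "FILTER"]

if __name__ == "__main__":
    print(bypass_rules(SAMPLE_TABLE))
```

To audit a live system, pass the contents of the file named by `header_checks` in `main.cf` instead of `SAMPLE_TABLE`.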