Re: [AMaViS-user] allowing anything in ZIPs setup Q

Wed, 09 Apr 2008 05:57:05 -0700 

> The basic idea is to allow before you block. Be
> mindful of where things are placed. You want to
> make sure the stuff you want blocked is before
> the stuff you allow. In other words, if you want to
> allow exe files, but only if they are zipped,
> place all the stuff you want blocked before you
> allow anything (but don't include exe type files
> in the files you want blocked yet). Then, allow
> zipped files. Then, place anything that might
> detect a file as an exe, after the point where
> zipped files are allowed.

In short, first match wins, top down on the list.

A banning lookup is performed for each mail part (leaf) independently.
If any is blocked, the whole message is blocked.

A query key for each lookup carries all the information
about the full path (within a structure of a message and archives)
leading to this leaf, e.g. (from your case):

  multipart/mixed |
  application/x-zip-compressed, .zip, BitTorrent-6.0.2.zip |
  .exe, .exe-ms, BitTorrent-6.0.2.exe

So the above query is stepping through each rule in the list:

1.)  qr'^\.(exe-ms|exe|dll)$',   # block
2.)  [ qr'^\.(zip|rar)$'=> 0 ],  # allow

at 1):  multipart/mixed ?  NO
        application/x-zip-compressed?  NO
        .zip ? NO
        BitTorrent-6.0.2.zip ?  NO
        .exe ? YES => block, game over,
                      never reaches rule 2 for this leaf
                      


If the order of rules is reversed:

1.)  [ qr'^\.(zip|rar)$'=> 0 ],  # allow
2.)  qr'^\.(exe-ms|exe|dll)$',   # block

at 1): multipart/mixed ?  NO
       application/x-zip-compressed?  NO
       .zip ?  YES => allow, game over,
                      never reaches rule 2 for this leaf


Mark


-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to