Michael,

> just to confirm, with 2.6.3, to make mime->clamav (happy), and let pen
> pals still work, all we need is:
>
> @decoders = ();
> @keep_decoded_original_maps = (new_RE( qr'^MAIL$' ));
>
> DON'T NEED THIS ANYMORE:  $bypass_decode_parts = 0;

Pen pals doesn't need any decoding, so any setting of
@decoders, $bypass_decode_parts and @keep_decoded_original_maps
will do.

Perhaps you had bounce killer in mind. It needs the basic
MIME decoding ($bypass_decode_parts=0), but doesn't care
for other decodings, so @decoders may be set to ().

This is documented in RELEASE_NOTES:
  A pre-requisite for proper operation of a bounce killer is a
  working SQL logging database (pen pals), or that outbound DSN
  messages have a Message-ID with a fully qualified domain name
  matching the @local_domains_maps list of lookup tables. Parts
  decoding must also not be disabled ($bypass_decode_parts=0),
  which is a default.

> oh, and one more thing.. I think
> didn't you need to NOT do this for 
> 'file' to be able to decode?

Not sure what you mean. The 'file' utility is called
for any part resulting from any decoding (except for
the entire mail). So, if all decoding is disabled,
the file(1) will not be called. If only MIME decoding
is done but other decoding is off ( @decoders=() ), the
file(1) will only be called for each decoded MIME part.

Just to make it explicit:
- $bypass_decode_parts is a master switch, it controls
  both the top-level MIME decoding as well as all the
  underlying decoding as specified in @decoders;
- the @decoders list applies to further parts decoding
  like decompressing, de-archiving, ...

> so, what is the optimal setting to:
> have clamav decode the file (only once)
> have virus_maps_to spam work
> have penpals work
> have file program figure out what type of attachment it is.

$bypass_decode_parts = 0;  # (which is a default)
@decoders = ();   # turn off all further decodings
@keep_decoded_original_maps = (new_RE( qr'^MAIL$' ));

If you don't need 'banned' rules to see MIME parts
and don't need a bounce killer, the $bypass_decode_parts
can be set to 1, in which case the value of @decoders
is irrelevant, and the @keep_decoded_original_maps
automatically keeps the entire message for virus
checking.

> and I got the same security tests to work with this:
> $bypass_decode_parts = 0;

?

> and, it looks like an executable renamed bad.exe.txt isn't caught as an exe.
> (but I think I broke that sometime before)

By its name it isn't an .exe.
By file(1) result it should still be an executable.

> so, reviewing RELEASE_NOTES:
> COMPATIBILITY WITH 2.5.0
>
> - setting $bypass_decode_parts to true now also disables MIME decoding
>   (see below);
> - setting $bypass_decode_parts to true now also disables MIME decoding,
>   not just decoders/dearchivers listed in a @decoders list, and also
>   implicitly retains full original message for virus checking, equivalent
>   to having a regular expression /^MAIL$/ in a @keep_decoded_original_maps
>   list;  prompted by Bill Landry;
>
> and:
>
> # set $bypass_decode_parts to true if you only do spam scanning, or if you
> # have a good virus scanner that can deal with compression and recursively
> # unpacking archives by itself, and save amavisd the trouble.
> # Disabling decoding also causes banned_files checking NOT to see MIME types
> # and content classification types as provided by the file(1) utility.
> # It is a double-edged sword, make sure you know what you are doing!
> # 
> #$bypass_decode_parts = 1;              # (defaults to false)
>
> (but I have it at 0)
> and banned_files checking did NOT see the .exe type.

Don't know, seems to work here:

$bypass_decode_parts = 0;
@decoders = ();
@keep_decoded_original_maps = (new_RE( qr'^MAIL$' ));

p.path BANNED:1 mark.marti...@ijs.si:
 "P=p003,L=1,M=multipart/mixed |
  P=p002,L=1/2,M=application/x-msdos-program,T=exe,T=exe-ms,
  N=iperf.exe.txt2,N=iperf.exe.txt",
  matching_key="(?-xism:^\\.(exe-ms|dll)$)"

Check your log at level 5.

  Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 
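
A small parser for the level-5 `p.path BANNED` entry quoted in the message above, added here as an example; it is not part of the original post or of amavisd. It assumes the entry has been joined onto one line and that file(1) short types are tested with a leading dot, as the logged matching_key suggests; the function names are made up for illustration.

```python
import re

# Constructed sample: the entry quoted above joined onto one line, with a
# placeholder recipient. Backslashes appear doubled, as they do in the log.
SAMPLE = ('p.path BANNED:1 user@example.com: '
          '"P=p003,L=1,M=multipart/mixed | '
          'P=p002,L=1/2,M=application/x-msdos-program,T=exe,T=exe-ms,'
          'N=iperf.exe.txt2,N=iperf.exe.txt", '
          'matching_key="(?-xism:^\\\\.(exe-ms|dll)$)"')

LINE_RE = re.compile(r'p\.path BANNED:\d+ (?P<rcpt>\S+): "(?P<path>[^"]*)",'
                     r'\s*matching_key="(?P<key>.*)"$')

def parse_ppath(line):
    """Return (parts, key_regex_source), or None if this is not a p.path entry."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    parts = []
    for node in m['path'].split(' | '):      # one node per level of the part tree
        attrs = {}
        for item in node.split(','):         # limitation: names containing commas
            k, _, v = item.partition('=')
            attrs.setdefault(k.strip(), []).append(v.strip())
        parts.append(attrs)
    key = m['key'].replace('\\\\', '\\')     # undo the log's backslash doubling
    wrapped = re.fullmatch(r'\(\?[\w^-]*:(.*)\)', key)  # strip Perl's (?-xism: )
    return parts, (wrapped.group(1) if wrapped else key)

def candidates(attrs):
    # Assumption: file(1) short types are tested with a leading dot (".exe-ms"),
    # MIME types and declared names as they are.
    return ([('T', '.' + t) for t in attrs.get('T', [])] +
            [('M', v) for v in attrs.get('M', [])] +
            [('N', v) for v in attrs.get('N', [])])

def explain(line):
    """List (part, attribute kind, value) triples that the logged key matches."""
    parsed = parse_ppath(line)
    if parsed is None:
        return []
    parts, key = parsed
    rx = re.compile(key)
    return [(attrs.get('P', ['?'])[0], kind, val)
            for attrs in parts
            for kind, val in candidates(attrs)
            if rx.search(val)]

if __name__ == '__main__':
    for hit in explain(SAMPLE):
        print('part %s banned on %s=%s' % hit)
```

On the sample the only hit is the file(1) type of part p002, not either of its declared names, which is the distinction the reply draws for a renamed executable.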
