Alexander 'Leo' Bergolth wrote: > On 06/01/2009 09:02 PM, Noel Jones wrote: >> Alexander 'Leo' Bergolth wrote: >>> I am experiencing problems with some spam-mail that causes amavisd to >>> hang forever. Maybe it has some problems when running spamassassin, at >>> least in many cases the last debug-output is from spamassassin. However, >>> when manually feeding the mail to spamassassin, everything works fine. >>> >>> Additionally, the following error is output: >>> >>> *** glibc detected *** amavisd (ch1-30412-01): free(): invalid next size >>> (normal): 0x0def2e28 *** >>> >>> The corresponding process never recovers and has to be killed with -9. > [...] >> Clam has been catching these here as Trojan.Downloader-71014. >> >> Here's a postfix mime_header_checks rule to reject mail with >> an attachment by this name. >> >> Caution: this is for temporary use only. It will reject any >> mail with an attachment named "ecard.zip" without regard to >> whether it's a virus or not. >> >> # postfix main.cf >> mime_header_checks = pcre:/etc/postfix/mime_header_checks >> >> # /etc/postfix/mime_header_checks >> # note: this is all one line, beware line wrapping >> ~^Content-(Disposition|Type):\s+.*?(file)?name="?ecard\.zip(\?=)?"?\s*(;|$)~ >> REJECT possible Trojan.Downloader-71014 worm > > Unfortunately this doesn't seem to work, most likely because I'm using > amavis as a smtpd_proxy_filter (pre-queue).
Right. That's an important detail. Maybe removing zip from @decoders AND adding ecard.zip to your banned files list will work as a temporary solution. -- Noel Jones ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
