Mark,

Thank you for looking into this.

On 11.02.2011 15:22, Mark Martinec wrote:

>> RIM routinely sends mails to Blackberry users containing a file named
>> ETP.DAT. This file must not be banned, so I added an exception to
>> $banned_filename_re:

>> This works better now most of the time, but sometimes one of these mails
>> gets banned nonetheless.

> The "P=p004,L=1/1/1,T=exe,N=UNKNOWN.001" was derived from "P=p001,L=1/1"
> as indicated in the L path, i.e. from the first text/plain MIME part of the
> message.

> Seems like the Convert::UUlib attempted the decoding of BEGINETP...ENDETP,
> which resulted in something considered executable by file(1).

> Btw, which version of the file(1) utility was that?

file-4.24

> Are you using a non-default setting of @decoders ?  I believe its entries
> to call do_ascii were disabled in 2.6.2, but possibly you kept an older
> explicit configuration.

do_ascii is enabled. That's what was delivered with SLES 11 SP1 (Suse
Linux Enterprise Server), which is pretty much like amavisd.conf is
delivered in 2.6.2.

> Try disabling the do_ascii in @decoders first, if you still have it.

From my point of view do_ascii is a good idea considering the fact that
this is just another transport method (like tar).

> Next suggestion is perhaps to remove the 'exe' from the second of
> your rules:

> This would avoid blocking the non-Windows executables
> (like Unix, VMS, ...). The true Windows executables are classified as
> both 'exe-ms' *and* 'exe'. Similarly a dll is both an 'exe' and a 'dll',
> so these would remain to be blocked.

Bingo! I tried that: it blocks things like NOTEPAD.EXE and NOTEPAD.E (a
renamed .EXE), but no longer the encoded version of ETP.DAT. As we are a
Windows shop, blocking non-Windows executables is a bit pointless.

I have been unaware of the subtle difference between 'exe' and 'exe-ms'.
Maybe this deserves an additional hint in the config files.

Thanks again for solving this.

Regards,
Robert

