Hello Amavis-users,

Amavis does not ban a message if you receive an XZ-compressed file that contains a
forbidden "banned file name" (for example notepad.exe.xz).

From mail.log:
 Checking for banned types and filenames
 lookup: (scalar) matches, result="DEFAULT"
 lookup [banned_filename], 1 matches for "[email protected]", results: 
"(constant:DEFAULT)"=>"DEFAULT"
 collect banned table[0]: [email protected], tables: 
DEFAULT=>Amavis::Lookup::RE=ARRAY(0x55af0385a4b0)
 starting banned checks - traversing message structure tree
 check_for_banned (p003,p001) multipart/mixed | text/plain,.asc
 doing banned check for [email protected] on multipart/mixed | text/plain,.asc
 lookup_re(["multipart/mixed","text/plain",".asc"]), no matches
 lookup [check_bann:[email protected]] => undef, 
["multipart/mixed","text/plain",".asc"] does not match
 lookup [banned_namepath_re] => undef, 
"P=p003\tL=1\tM=multipart/mixed\nP=p001\tL=1/1\tM=text/plain\tT=asc" does not 
match
 p.path [email protected]: "P=p003,L=1,M=multipart/mixed | 
P=p001,L=1/1,M=text/plain,T=asc"
 check_for_banned (p003,p002) multipart/mixed | 
application/octet-stream,.dat,notepad.exe.xz
 doing banned check for [email protected] on multipart/mixed | 
application/octet-stream,.dat,notepad.exe.xz
 
lookup_re(["multipart/mixed","application/octet-stream",".dat","notepad.exe.xz"]),
 no matches
 lookup [check_bann:[email protected]] => undef, 
["multipart/mixed","application/octet-stream",".dat","notepad.exe.xz"] does not 
match
 lookup [banned_namepath_re] => undef, 
"P=p003\tL=1\tM=multipart/mixed\nP=p002\tL=1/2\tM=application/octet-stream\tT=dat\tN=notepad.exe.xz"
 does not match
 p.path [email protected]: "P=p003,L=1,M=multipart/mixed | 
P=p002,L=1/2,M=application/octet-stream,T=dat,N=notepad.exe.xz"
 banned check: any=0, all=N (1)

So I decided on this:
unshift(@decoders, ['dat',  \&do_uncompress,
             ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ] );
Is there another way?

P.S.
os-release ="Debian GNU/Linux 10 (buster)"

amavisd-new/stable,now 1:2.11.0-6.1 all [installed]
   Interface between MTA and virus scanner/content filters
-- 
Best regards,
 aBod                          mailto:[email protected]
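
An added example (not part of the original post and not amavis code): a Python check over `check_for_banned` log lines like those above, flagging parts that were typed `.dat` although their name ends in a compression suffix, and whether the name underneath that suffix carries an extension one would want banned. The suffix list, the extension pattern and the sample lines are assumptions constructed for illustration.

```python
import re

# Single-file compressor suffixes; an assumption for this example.
COMPRESSED = (".xz", ".lzma", ".gz", ".bz2", ".lz", ".zst")
# Inner extensions to treat as banned; an assumption, not the amavis defaults.
BANNED_INNER = re.compile(r"\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)$", re.I)
CHECK_RE = re.compile(r"check_for_banned \(([^)]*)\)\s+(.*)$")

def parse_leaf(line):
    """Parse the deepest part of a check_for_banned line, or return None."""
    m = CHECK_RE.search(line)
    if not m:
        return None
    # Path components are joined with " | "; the last one is the leaf part.
    fields = m.group(2).split(" | ")[-1].strip().split(",")
    mime, rest = fields[0], fields[1:]
    types = []
    while rest and rest[0].startswith("."):   # short types such as .dat, .asc
        types.append(rest.pop(0))
    return {"parts": m.group(1), "mime": mime,
            "types": types, "name": ",".join(rest)}

def undecoded_archives(lines):
    """Return parts typed .dat whose file name ends in a compression suffix."""
    findings = []
    for line in lines:
        leaf = parse_leaf(line)
        if not leaf or ".dat" not in leaf["types"]:
            continue
        lowered = leaf["name"].lower()
        suffix = next((s for s in COMPRESSED if lowered.endswith(s)), None)
        if suffix is None:
            continue
        inner = leaf["name"][:-len(suffix)]   # name once the suffix is removed
        findings.append({**leaf, "inner": inner,
                         "inner_banned": bool(BANNED_INNER.search(inner))})
    return findings

# Constructed sample lines, modelled on the log in the post (wrapping removed).
SAMPLE = [
    "check_for_banned (p003,p001) multipart/mixed | text/plain,.asc",
    "check_for_banned (p003,p002) multipart/mixed | application/octet-stream,.dat,notepad.exe.xz",
    "check_for_banned (p004,p002) multipart/mixed | application/octet-stream,.dat,report.bin",
]

if __name__ == "__main__":
    for f in undecoded_archives(SAMPLE):
        print(f"({f['parts']}) {f['name']}: typed .dat, "
              f"inner name {f['inner']!r}, banned={f['inner_banned']}")
```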
