Ok thank you for your solution. I also found the definitions in the
amavis conf file 20-debian_defaults
root@mailserver1 /etc # grep -nri "exe" /etc/amavis/
/etc/amavis/conf.d/20-debian_defaults:115: qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
/etc/amavis/conf.d/20-debian_defaults:133: qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
/etc/amavis/conf.d/20-debian_defaults:134:# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
/etc/amavis/conf.d/20-debian_defaults:141: qr'^\.(exe-ms)$', # banned file(1) types
/etc/amavis/conf.d/20-debian_defaults:142:# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
Thomas B
On 01.02.2016 at 15:09, Reindl Harald wrote:
On 01.02.2016 at 15:05, Thomas Barth wrote:
No viruses were found.
Banned name: .exe,.exe-ms,23676883772984656662(1).doc.exe
Content type: Banned
Not quarantined.
The message WAS NOT relayed to:
xxx
554 5.7.0 Reject, id=09201-09 - BANNED: .exe,.exe-ms,23676883772984656662(1).doc.exe
Is this message a test result of ClamAV? I would like to add .doc as a
banned name
sounds like amavis and as already suggested: reject it at smtpd level
mime_header_checks = pcre:/etc/postfix/mime_header_checks.cf
[root@mail-gw:~]$ cat /etc/postfix/mime_header_checks.cf
# Reject Attachment Extensions
/^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* = \s*"?(.*?(\.|=2E)(386|acm|ade|adp|apk|awx|ax|bas|bat|bin|cdf|chm|class|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jar|jse|lnk|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|rar|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x
    REJECT Attachment Blocked (Executables And RAR-Files Not Allowed) "$1"
On 01.02.2016 at 13:50, Reindl Harald wrote:
On 01.02.2016 at 13:48, Thomas Barth wrote:
for a week or so I get a lot of mails with bills as doc-documents and
SpamAssassin is actually not able to mark it as spam
it is able
combined BAYES scores and other rules on a properly trained SA lead to a
99.9% milter-reject rate of these malware mails here
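
Added example, not part of the original thread and not amavis code: a Python sketch that runs the three active rules from the 20-debian_defaults grep output above against the labels in the BANNED message, showing which rule fires for each label and that a plain .doc name passes all of them. It assumes Python's re module treats these patterns the same way Perl's qr// does, and it uses a simplified model in which a part is banned as soon as any rule matches any of its labels. All sample names except the first entry are constructed.

```python
import re

# Active (uncommented) rules copied from the grep output of
# /etc/amavis/conf.d/20-debian_defaults quoted in this thread.
RULES = {
    "115 double extension": re.compile(
        r"\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$", re.I),
    "133 banned extension - basic": re.compile(
        r".\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$", re.I),
    "141 banned file(1) types": re.compile(r"^\.(exe-ms)$"),
}


def matching_rules(labels):
    """Return the names of the rules that match any label of one mail part.

    Assumption: a part is described by several labels (file(1) short types
    and the declared file name) and one match on any label bans the part.
    """
    return sorted(name for name, rx in RULES.items()
                  if any(rx.search(label) for label in labels))


# Constructed sample parts; only the first uses labels shown in the thread.
SAMPLES = {
    "thread": [".exe", ".exe-ms", "23676883772984656662(1).doc.exe"],
    "plain doc": ["invoice.doc"],
    "single ext": ["setup.exe"],
    "trailing dot": ["report.doc.exe."],
    "upper case": ["INVOICE.DOC.EXE"],
}

if __name__ == "__main__":
    for title, labels in SAMPLES.items():
        hits = matching_rules(labels)
        print(f"{title:13} {'BANNED' if hits else 'passed'}  {hits}")
```

The file name in the thread is caught by the extension rules on lines 115 and 133, while the .exe-ms type label is caught by line 141; none of these rules look at .doc itself.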