On Thursday 08 July 2004 05:04, Michael W.Cocke wrote:
On Thu, 8 Jul 2004 01:26:05 +0200 (CEST), you wrote:
The Tuesday 2004-07-06 at 10:59 -0700, Jarod Wilson wrote:
|Content-Type: application/octet-stream; | name="Bill.zip"
Perhaps the file is actually called Bill.zip.exe, or maybe there are multiple attachments. But amavisd appears to be functioning correctly.
No, that was not the problem. The "problem" is that amavis-new tries to be overtly clever by: 1) looking inside zip files for exe files
That's a good thing.
and 2) not trusting filename extensions but instead using the output of the command "file".
And so is that.
This behaviour can be dissabled, and I have done so:
But that really isn't. At least not if you want amavisd to be as effective as possible...
Look for $warnvirussender and disable it.
It was already dissabled, by the default settings:
#$warnvirussender = 1; # (defaults to false (undef))
I have explicitly dissabled it now - I can not trust the default being "false":
$warnvirussender = 0; # (defaults to false (undef))
An that seems to work, but only with the help of the next trick:
$mailfrom_notify_admin = "amavis_new.virusalert\@$mydomain"; $mailfrom_notify_recip = "amavis_new.virusalert\@$mydomain"; $mailfrom_notify_spamadmin = "amavis_new.spam.police\@$mydomain"; $hdrfrom_notify_sender = '"amavisd_new.postmaster"
'; and then, in "/etc/postfix/access" I explicitly dissable those addresses from bein able to send:
amavis_new.virusalert@nimrodel.valinor REDIRECT virusalert@nimrodel.valinor amavis_new.spam.police@nimrodel.valinor REDIRECT virusalert@nimrodel.valinor amavis_new.postmaster@nimrodel.valinor REDIRECT virusalert@nimrodel.valinor
Both things, the warnvirussender=0 and the redirect clauses ensure they don't get sent outside.
Why are you going to such lengths to disable a large part of your system security? There's an excellent reason why amavis "is overly clever".
My thoughts exactly... -- Jarod C. Wilson, RHCE jcw@wilsonet.com