1 Topic by dns22k

  • dns22k
  • Member
  • Offline
  • Registered: 2017-05-22
  • Posts: 3

Topic: Amavisd-new and a

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi.
Required:
-IredMail 0.9.7
-Centos7
-LDAP backend
-Apache
-no IredAdmin-pro

Question:
IredMail 0.9.7
Recently a i have migrated to it from IredMail 0.8.7.

Problem is: I whant to block some attachments with some extensions. For example *.js.
I take /etc/amavisd/amavisd.conf and add js into ---> qr'.\.(pif|scr|exe|js|vbs|jar|ws|bat)$'i, # banned extensions

Save, then restart postfix,amavisd.

Try to send js content under zip archive. And what i see:
Aug 1 09:38:17 mail amavis[17207]: (17207-06) Passed BANNED (.asc,2305doc.js)

Why passed? If default action for Banned is:
# Banned
$final_banned_destiny = D_DISCARD;

The 2305doc.js is real js virus. How can i discard this type of attachments?

Thank to you for answer.
Best regards
Denis Kirin

p.s.
[root@mail install]# rpm -q amavisd-new
amavisd-new-2.11.0-3.el7.noarch

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,094

Re: Amavisd-new and a

Check SQL table "amavisd.policy", make sure column "banned_quarantine_to" is set to "banned-quarantine", and "bypass_banned_checks" set to 'N'.

3 Reply by dns22k (edited by dns22k 2018-08-07 13:46:34)

  • dns22k
  • Member
  • Offline
  • Registered: 2017-05-22
  • Posts: 3

Re: Amavisd-new and a

ZhangHuangbin wrote:

Check SQL table "amavisd.policy", make sure column "banned_quarantine_to" is set to "banned-quarantine", and "bypass_banned_checks" set to 'N'.

Thank you for help.
No result sorry.
MariaDB [amavisd]> select id,policy_name,virus_quarantine_to,banned_quarantine_to,bypass_banned_checks from policy;
+----+-------------+---------------------+----------------------+----------------------+
| id | policy_name | virus_quarantine_to | banned_quarantine_to | bypass_banned_checks |
+----+-------------+---------------------+----------------------+----------------------+
|  1 | @.          | virus-quarantine    | banned-quarantine    | N                    |
+----+-------------+---------------------+----------------------+----------------------+
1 row in set (0.00 sec)


maillogs logs:
Aug  7 08:36:45 mail amavis[26705]: (26705-14) Passed BANNED (.asc,2305doc.js) {RelayedTaggedInbound,Quarantined}, [xx.xxx.xxx.x]:45202 [xx.xxx.xx.xx] <dns22k@novotrust.ru> -> <dns22k@vibors.ru>, quarantine: SgLey1uX0X1t, Queue-ID: D55E95455, Message-ID: <3723cfcc-3dde-9721-9d31-28e6929385e6@novotrust.ru>, mail_id: SgLey1uX0X1t, Hits: 0.919, size: 3750, queued_as: 20146545D, 1240 ms, Tests: [SPF_FAIL=0.919]

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,094

Re: Amavisd-new and a

And what's the value of SQL column "policy.banned_files_lover"?

5 Reply by dns22k (edited by dns22k 2018-08-10 04:56:38)

  • dns22k
  • Member
  • Offline
  • Registered: 2017-05-22
  • Posts: 3

Re: Amavisd-new and a

ZhangHuangbin wrote:

And what's the value of SQL column "policy.banned_files_lover"?

Hi

thanks to you.
I have change banned_files_lover from "Y" to 'N'