Topic: Apple Numbers spreadsheet being blocked by virus scanner
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.8
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer.
- Linux/BSD distribution name and version: Ubuntu 22.04.3 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No.
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I found that iRedMail or amavisd seems to be blocking emails that have Apple Numbers files attached. Here is the line from the log file relating to the issue:
amavis[1624122]: (1624122-11) Blocked BANNED (.exe,ViewState.iwa) {DiscardedInbound,Quarantined}, [REMOVED]:58518 [REMOVED] ESMTP/ESMTP <REMOVED> -> <REMOVED>, (ESMTPS://[REMOVED]:58518), quarantine: R-iLo8arbgcG, Queue-ID: 4Z6jXk6mnSz2xH3, Message-ID: <REMOVED>, mail_id: R-iLo8arbgcG, b: t5lQx8lEa, Hits: -, size: 1005581, Subject: "test please ignore", From: <REMOVED> (dkim:AUTHOR), helo=REMOVED, b.key=(?^mix:T=(9|386|LeChiffre|aaa|abc|aepl|ani|aru|atm|aut|b64|bat|bhx|bkd|blf|bll|bmw|boo|bps|bqf|breaking_bad|buk|bup|bxz|cc|ccc|ce0|ceo|cfxxe|chm|cih|cla|class|cmd|com|cpl|crinf|crjoker|crypt|cryptolocker|cryptowall|ctbl|cxq|cyw|dbd|delf|dev|dlb|dli|dll|dllx|dom|drv|dx|dxz|dyv|dyz|ecc|exe|exe-ms|exe1|exe_renamed|exx|ezt|ezz|fag|fjl|fnr|fuj|good|gzquar|hlp|hlw|hqx|hsq|hts|iva|iws|jar|js|kcd|keybtc@inbox_com|let|lik|lkh|lnk|locky|lok|lol!|lpaq5|...
I checked and the Numbers attachment is technically a compressed file (filename.numbers). When I extract it, it contains quite a few files, including the ViewState.iwa referenced in the above error log. I scanned the original Numbers file and the ViewState file with virustotal.com and it comes back clean, so I think it's a false positive, but I don't know how to get around this issue.
Can you guys help?
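Added example (not part of the original post, and not iRedMail or amavisd code): a small parser for `Blocked BANNED` log lines like the one above, reporting which attribute of the attachment member the ban rule matched and whether the detected type disagrees with the member's name. The sample line is constructed, with placeholder addresses and a shortened `b.key`; reading `T=`/`N=`/`M=` as type/name/MIME type and ` | ` as the nesting separator are assumptions about amavisd's log notation.

```python
import re

# Constructed sample shaped like the log line in the post; addresses are
# placeholders and the b.key regex is shortened.
SAMPLE = (
    'amavis[1624122]: (1624122-11) Blocked BANNED (.exe,ViewState.iwa) '
    '{DiscardedInbound,Quarantined}, [192.0.2.10]:58518 [192.0.2.10] '
    'ESMTP/ESMTP <sender@example.org> -> <rcpt@example.com>, '
    'quarantine: R-iLo8arbgcG, mail_id: R-iLo8arbgcG, Hits: -, size: 1005581, '
    'Subject: "test please ignore", b.key=(?^mix:T=(9|386|exe|exe-ms|lnk)...'
)

BLOCKED = re.compile(r"Blocked BANNED \((?P<parts>[^)]*)\)\s*\{(?P<actions>[^}]*)\}")
QUARANTINE = re.compile(r"\bquarantine: ([^,\s]+)")
# First attribute letter inside the matching ban rule, e.g. "(?^mix:T=(" -> "T".
BKEY_ATTR = re.compile(r"\bb\.key=\(\?\^?[a-z-]*:([A-Z])=")
# Assumption: T/N/M in amavisd ban keys stand for these attributes.
ATTR_MEANING = {"T": "detected file type", "N": "declared file name", "M": "MIME type"}


def parse_banned(line):
    """Return a dict describing a 'Blocked BANNED' line, or None if it is not one."""
    m = BLOCKED.search(line)
    if m is None:
        return None
    # Assumption: nested parts are separated by " | ", innermost member last.
    innermost = m.group("parts").split(" | ")[-1]
    attrs = [a.strip() for a in innermost.split(",") if a.strip()]
    types = [a[1:] for a in attrs if a.startswith(".")]  # ".exe" -> "exe"
    names = [a for a in attrs if not a.startswith(".") and "/" not in a]
    exts = {n.rsplit(".", 1)[-1].lower() for n in names if "." in n}
    q = QUARANTINE.search(line)
    k = BKEY_ATTR.search(line)
    return {
        "types": types,
        "names": names,
        "actions": m.group("actions").split(","),
        "quarantine_id": q.group(1) if q else None,
        "matched_on": ATTR_MEANING.get(k.group(1) if k else None, "unknown"),
        # True when the detected type is one the member's own extension does
        # not claim, which is the pattern to review as a possible false positive.
        "type_name_mismatch": bool(types) and bool(exts) and exts.isdisjoint(types),
    }


if __name__ == "__main__":
    for key, value in parse_banned(SAMPLE).items():
        print(f"{key}: {value}")
```

For the sample, the result shows the rule matched on the detected file type rather than on the name `ViewState.iwa`, which is why the `.iwa` extension did not prevent the ban.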