To Mr.Olivier, CC: Amavisd users After we have considered and deep checked and then we found this error related with this configure below "amavisd.conf" , ### amavisd.conf for BLOCKED ANYWHERE # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, rudimentary
Due to before enable this configuration , This issue not happened before. Once enable this configure to block exe in .zip file , this kind of issue begin to happened. And we also test with below 1. Email with normal plain text => still block with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe) 2. Email with image file => still block with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe) 3. Email with pdf file => still block with (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe) #All 3 cases maillog message show BANNED, message contains text/plain,.exe (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe) Have anyone ever found this kind of issue when enabled " qr'^\.(exe|exe-ms|dll)$', " ? And how to fix this kind of issue ? Please do not hesitate to contact us , If you have any questions . Best Regards. ################################ # Watthanachai KEKHUA (Golf) # Operation And Maintenance Department (OAM) # Tel: 02-2367227 Ext. 1624 # NTT Communications (Thailand) Co., Ltd. ################################# DISCLAIMER : This email is for the use of the intended recipient(s) only. If you have received this email in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses. The information contained in this communication may be confidential and may be subject to the attorney-client privilege. If you are the intended recipient and you do not wish to receive similar electronic messages from us in future then please respond to the sender to this effect. -----Original Message----- From: Olivier Nicole [mailto:[email protected]] Sent: Monday, March 09, 2015 1:44 PM To: Watthanachai Kekhua Cc: [email protected] Subject: Re: BANNED, message contains text/plain,.exe issue. Golf, > Since you have banned .exe all message from Lotus note are banned, even when > they have no .exe in it? > => Yes , correct . Amavisd detect some email from Lotus note as "BANNED" > even that email not have ".exe" inside. > > For this issue it look like false positive for us , due to after enabled > block ".exe" , "exe-ms" this configuration we just found this issue happened. > ### amavisd.conf for BLOCKED ANYWHERE # qr'^UNDECIPHERABLE$', # is > or contains any undecipherable components > qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, > rudimentary > > In FreeBSD, Amavis usually put the banned email in /var/virusmail/banned > directory. You could have a close look at the messages and confirm if they > are good or not. > => I've checked this email content before and we found it 's good email and > not have .exe attach file inside. > > So have you any recommendation to solved this kind of issue ? You need to look at the full variable $banned_filename_re, it has more than qr'^\.(exe-ms|dll)$', and goes on several lines, ending with a single line with ); You also need to look at one good message in /var/virusmail/banned and see what is the exact contents, why it is banned (example: X-Amavis-Alert: BANNED, message contains .exe,.exe-ms,PO.exe), etc. Maybe Lotus note includes a signature that is banned? Best regards, Olivier > Please do not hesitate to contact us , If you have any questions . > Best Regards. > ################################ > # Watthanachai KEKHUA (Golf) > ################################ > > DISCLAIMER : > This email is for the use of the intended recipient(s) only. > If you have received this email in error, please notify the sender > immediately and then delete it. > If you are not the intended recipient, you must not keep, use, disclose, copy > or distribute this email without the author's prior permission. > We have taken precautions to minimise the risk of transmitting software > viruses, but we advise you to carry out your own virus checks on any > attachment to this message. > We cannot accept liability for any loss or damage caused by software viruses. > The information contained in this communication may be confidential and may > be subject to the attorney-client privilege. > If you are the intended recipient and you do not wish to receive similar > electronic messages from us in future then please respond to the sender to > this effect. > > > -----Original Message----- > From: Olivier Nicole [mailto:[email protected]] > Sent: Monday, March 09, 2015 12:05 PM > To: Watthanachai Kekhua > Cc: [email protected] > Subject: Re: BANNED, message contains text/plain,.exe issue. > > Hi Golf, > >> Today we found some strange situation for incoming email when enabled >> blocking ".exe" in zip file extension on amavisd.conf as below >> configuration. >> >> ### amavisd.conf for BLOCKED ANYWHERE # qr'^UNDECIPHERABLE$', # is >> or contains any undecipherable components >> qr'^\.(exe|exe-ms|dll)$', # banned file(1) types, >> rudimentary >> >> Now , We always found banned email from incoming email send from Lotus note >> MTA . >> And Sender address try to send attach file ".xls" and normal email with >> plain text after that our amavisd detect both email as "BANNED" type. > > I don't understand what you mean. > > Since you have banned .exe all message from Lotus note are banned, even when > they have no .exe in it? > > In FreeBSD, Amavis usually put the banned email in /var/virusmail/banned > directory. You could have a close look at the messages and confirm if they > are good or not. > > If you *need* to discuss in Thai, maybe I can help. > > Best regards, > > Olivier > >> #maillog message show >> BANNED, message contains text/plain,.exe >> (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe) #Detail >> information application FreeBSD 9 Amd64 bit Postfix + >> amavisd-new-2.8.0_2 >> >> Have you ever found this kind of issue and how to solved problem for this >> issue ? >> >> Please do not hesitate to contact us , If you have any questions . >> Best Regards. >> ################################ >> # Watthanachai KEKHUA (Golf) >> # Operation And Maintenance Department (OAM) # Tel: 02-2367227 Ext. >> 1624 # NTT Communications (Thailand) Co., Ltd. >> ################################# >> >> DISCLAIMER : >> This email is for the use of the intended recipient(s) only. >> If you have received this email in error, please notify the sender >> immediately and then delete it. >> If you are not the intended recipient, you must not keep, use, disclose, >> copy or distribute this email without the author's prior permission. >> We have taken precautions to minimise the risk of transmitting software >> viruses, but we advise you to carry out your own virus checks on any >> attachment to this message. >> We cannot accept liability for any loss or damage caused by software viruses. >> The information contained in this communication may be confidential and may >> be subject to the attorney-client privilege. >> If you are the intended recipient and you do not wish to receive similar >> electronic messages from us in future then please respond to the sender to >> this effect. >> >> >> [2:text/html Show] >> --
