On 2021-12-11 12:08, Nikolaos Milas wrote:

I find banned plain text mail as follows (- I replaced real usernames
with user1-3):

p.path BANNED:1 [email protected]: "P=p001,L=1,M=text/plain,T=exe",
matching_key="(?^:^\\.(exe|lha|cab|dll|gz|tgz|lzh)$)"

it contains both text and an MS-DOS exe file

would it be better to use amavisd-milter, and change the banned to reject?

you won't miss the exe file

in case you like to debug it more

ripmime -i banned-quarantine-file -d /tmp

if it is a gz compressed quarantine, do gzip -d first

if ls /tmp shows an exe file, you got it

upload this exe file to virustotal.com and see if it's safe to use anyway, but don't do it, never use an exe file delivered in email, never ever

Thanks in advance,

security first
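
The check described in this reply, as an added example that is not part of the original post: it reads a quarantined message (gzip-compressed or not), walks the MIME parts in memory, and compares each part's declared type with its leading bytes, which is the situation behind `M=text/plain,T=exe`. The sample message, the addresses and the function names are constructed for illustration, and `sniff` is a minimal stand-in for file(1) that only knows the `MZ` header.

```python
import email
import gzip
import hashlib
from email import policy

# Constructed sample: the second part is declared text/plain, but its decoded
# body starts with the DOS/PE "MZ" magic (12 bytes of header only).
SAMPLE = (
    b"From: sender@example.com\r\nTo: user1@example.com\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\nSee attached.\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"TVqQAAMAAAAEAAAA\r\n"
    b"--b1--\r\n"
)

def load_quarantine(raw: bytes) -> bytes:
    """Undo gzip compression if the file starts with the gzip magic bytes."""
    return gzip.decompress(raw) if raw[:2] == b"\x1f\x8b" else raw

def sniff(data: bytes) -> str:
    """Hypothetical stand-in for file(1): recognises only the 'MZ' header."""
    return "exe" if data[:2] == b"MZ" else "other"

def inspect(raw: bytes) -> list:
    """Return declared type, sniffed type, hash and size for every leaf part."""
    msg = email.message_from_bytes(load_quarantine(raw), policy=policy.default)
    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # decoded, never written to disk
        report.append({
            "declared": part.get_content_type(),
            "sniffed": sniff(body),
            "sha256": hashlib.sha256(body).hexdigest(),
            "size": len(body),
        })
    return report

if __name__ == "__main__":
    for row in inspect(gzip.compress(SAMPLE)):
        odd = row["declared"].startswith("text/") and row["sniffed"] == "exe"
        print(row["declared"], row["sniffed"], row["size"], row["sha256"], "MISMATCH" if odd else "")
```

Nothing is extracted or executed; the SHA-256 is enough to identify the part without handling the file itself.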
