Bug#717096: amavisd-new: .docx often incorrectly detected as BANNED: .exe, .exe-ms, [trash]/0000.dat

Tue, 16 Jul 2013 11:22:31 -0700 

Package: amavisd-new
Version: 1:2.6.4-3
Severity: normal


.docx documents (ZIP files) are often incorrectly tagged and blocked with:

Reject, id=29112-10-2 - BANNED: .exe,.exe-ms,[trash]/0000.dat (in reply to end 
of DATA command)

unzipping .docx reveals that file(1) reports this as:

[trash]/0000.dat: DOS executable (device driver)

However looking at magic(5) source, it seems it is very simple check prone
for false positives. While I'm working around bug at our mail server by
removing non-ideal "device driver" definition, I think it would be better if
amavis would not block those as it has quite a few false positives in the
wild, and there is pretty low infection chance even if it was infected
device driver (you'd have to have old DOS/Windows system and manually edit
config.sys device= lines to become infected after reboot!)

And even if there are infected device drivers in the wild those years (which
I seriously doubt), they would be caught by antivirus (clamav or such).

So I think exception should be made in amavisd-new to not detect 
"DOS executable (device driver)" attachment as something that should ban
e-mails.

[ Alternatively, this may be reassigned as file(1) bug, but that would
probably be overkill.  ]

-- System Information:
Debian Release: 6.0.7
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages amavisd-new depends on:
ii  adduser                3.112+nmu2        add and remove users and groups
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  file                   5.04-5+squeeze2   Determines file type using "magic"
ii  libarchive-zip-perl    1.30-3            Perl module for manipulation of ZI
ii  libberkeleydb-perl     0.42-1~squeeze1   use Berkeley DB 4 databases from P
ii  libcompress-raw-zlib-p 2.026-1           low-level interface to zlib compre
ii  libconvert-tnef-perl   0.17-9            Perl module to read TNEF files
ii  libconvert-uulib-perl  1.12-1            Perl interface to the uulib librar
pn  libdigest-md5-perl     <none>            (no description available)
ii  libio-stringy-perl     2.110-4           Perl modules for IO from scalars a
ii  libmail-dkim-perl      0.38-1            cryptographically identify the sen
ii  libmailtools-perl      2.06-1            Manipulate email in perl programs
pn  libmime-base64-perl    <none>            (no description available)
ii  libmime-tools-perl     5.428-1           Perl5 modules for MIME-compliant m
ii  libnet-server-perl     0.97-1            An extensible, general perl server
ii  libunix-syslog-perl    1.1-2             Perl interface to the UNIX syslog(
ii  pax                    1:20090728-1      Portable Archive Interchange
ii  perl [libtime-hires-pe 5.10.1-17squeeze6 Larry Wall's Practical Extraction 
ii  perl-modules [libarchi 5.10.1-17squeeze6 Core Perl modules

amavisd-new recommends no packages.

Versions of packages amavisd-new suggests:
ii  apt-listchanges   2.85.7+squeeze1        package change history notificatio
ii  arj               3.10.22-9              archiver for .arj files
ii  cabextract        1.3-1                  a program to extract Microsoft Cab
ii  clamav            0.97.6+dfsg-1~squeeze1 anti-virus utility for Unix - comm
ii  clamav-daemon     0.97.6+dfsg-1~squeeze1 anti-virus utility for Unix - scan
ii  cpio              2.11-4                 GNU cpio -- a program to manage ar
pn  dspam             <none>                 (no description available)
pn  lha               <none>                 (no description available)
ii  libauthen-sasl-pe 2.1500-1               Authen::SASL - SASL Authentication
ii  libdbi-perl       1.612-1                Perl Database Interface (DBI)
ii  libmail-dkim-perl 0.38-1                 cryptographically identify the sen
ii  libnet-ldap-perl  1:0.4001-2             client interface to LDAP servers
pn  libsnmp-perl      <none>                 (no description available)
ii  lzop              1.02~rc1-2             fast compression program
ii  nomarch           1.4-3                  Unpacks .ARC and .ARK MS-DOS archi
ii  p7zip             9.04~dfsg.1-1          7zr file archiver with high compre
pn  rpm               <none>                 (no description available)
ii  spamassassin      3.3.1-1                Perl-based spam filter using text 
pn  unrar             <none>                 (no description available)
ii  unrar-free        1:0.0.1+cvs20071127-1  Unarchiver for .rar files
ii  zoo               2.10-22                manipulate zoo archives

-- Configuration Files:
/etc/amavis/conf.d/05-domain_id changed [not included]
/etc/amavis/conf.d/15-content_filter_mode changed [not included]
/etc/amavis/conf.d/20-debian_defaults changed [not included]
/etc/amavis/conf.d/50-user changed [not included]
/etc/cron.d/amavisd-new changed [not included]

-- debconf information:
  amavisd-new/outdated_config_style_warning:


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to