> Do the $banned_filename_re or $banned_namepath_re amavisd-new perl
> settings do what you want?

No, absolutely not! These tags allow me to block files with e.g. a certain
extension. A file with extension .js probably contains javascript,
and javascript in an email can be considered malicious in almost any case. So
I will use $banned_filename_re to block such attachments.

But .html can't be considered malicious or even dangerous by its very
nature. In an email, html in almost any case contains harmless text. But
html can (and will increasingly) contain malicious javascript code. So if a
mail has an html-attachment, I must parse this attachment for keywords
like re(/meta content=3Djavascript/) and if an attachment contains such a
keyword, I will reject the mail with an appropriate error code.

That can be done in postfix. _As long_ as the attachment is text-encoded
(quoted-printable). But if the html-attachment is encoded base64, such simple
checks on postfix will fail. Now it is a job for amavis!

At least, it should be a job for amavis. But as far as I can see, there is no
integrated mechanism in amavis to filter such content. Of course, malicious
code _could_ be detected by a virus scanner. But honestly, when in the past
few years have you ever seen a virus scanner discovering a zero day trojan?

Javascript in a html-attachment in an email shouldn't be a big threat, if
your mail client is configured to reject the execution of any script. But
what if you read your mail in a web interface, in a browser? A browser in
almost any case will execute that script!

So a mailserver should either reject this kind of stuff, or at least mark it
as potentially dangerous. The latter can be done in amavis even today, if I
abuse amavis' virus scanner interface to call my own script, which decodes a
given attachment and parses it for certain keywords.

But I think that it would be a much better solution if amavis itself would
decode any base64 encoded attachment which, by its filename or by its
Content-Type, can be considered to be a text file (which can contain malicious
executable code), and if amavis would then parse this text file for certain
keywords.

> FYI: You might be better off asking on the amavisd-new user mailing
> list, as I get the impression this is a help/support request, not a bug
> report.

You are right, it's not exactly a bug report. It's a feature request, therefore
I filed this report with severity 'wishlist'.

Regards
Georg

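The check the message describes, decoding each HTML attachment regardless of its Content-Transfer-Encoding and only then scanning the decoded text for script indicators, as an added Python example. This is not code from the thread or from amavisd-new; the sample message, the attachment names and the keyword list are constructed for illustration, and the way amavis would invoke such a script through its external scanner interface is not modelled. It also shows why a raw body check fails on base64: the encoded message bytes never contain the string `<script`, yet the decoded attachment does.

```python
import base64
import email
import quopri
import re
from email import policy

# Constructed sample attachments (not real mail content).
HTML_WITH_SCRIPT = (
    b'<html><head><meta http-equiv="refresh" content="0;url=javascript:alert(1)">'
    b"</head><body><p>Invoice attached</p><script>alert(1)</script></body></html>"
)
HTML_PLAIN = b"<html><body><p>Just text, no scripting.</p></body></html>"

BOUNDARY = "constructed-boundary-0001"

# Keyword patterns run against the *decoded* attachment bytes. Order matters for the
# hit list returned below.
SCRIPT_PATTERNS = [
    ("script-tag", re.compile(rb"<\s*script\b", re.I)),
    ("javascript-url", re.compile(rb"javascript\s*:", re.I)),
    ("meta-javascript", re.compile(rb"<meta[^>]*content\s*=\s*['\"]?[^>]*javascript", re.I)),
    ("event-handler", re.compile(rb"\son[a-z]+\s*=", re.I)),
]


def build_sample_message() -> bytes:
    """Build a constructed multipart mail: one base64 HTML attachment carrying
    script, one quoted-printable HTML attachment without."""
    b = BOUNDARY.encode()
    lines = [
        b"From: sender@example.invalid",
        b"To: user@example.invalid",
        b"Subject: constructed sample with HTML attachments",
        b"MIME-Version: 1.0",
        b'Content-Type: multipart/mixed; boundary="' + b + b'"',
        b"",
        b"--" + b,
        b"Content-Type: text/plain; charset=us-ascii",
        b"",
        b"Please see the attached files.",
        b"--" + b,
        b"Content-Type: text/html; charset=us-ascii",
        b'Content-Disposition: attachment; filename="invoice.html"',
        b"Content-Transfer-Encoding: base64",
        b"",
        base64.encodebytes(HTML_WITH_SCRIPT).rstrip(b"\n"),
        b"--" + b,
        b"Content-Type: text/html; charset=us-ascii",
        b'Content-Disposition: attachment; filename="notes.html"',
        b"Content-Transfer-Encoding: quoted-printable",
        b"",
        quopri.encodestring(HTML_PLAIN),
        b"--" + b + b"--",
        b"",
    ]
    return b"\n".join(lines)


def is_html_attachment(part) -> bool:
    """Select parts by Content-Type or by filename extension, as the message suggests."""
    filename = (part.get_filename() or "").lower()
    return part.get_content_type() == "text/html" or filename.endswith((".htm", ".html"))


def scan_message(raw: bytes) -> list:
    """Decode every HTML attachment (base64 or quoted-printable alike) and report
    which script indicators appear in the decoded text."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart() or not is_html_attachment(part):
            continue
        decoded = part.get_payload(decode=True)  # undoes the transfer encoding
        if decoded is None:
            continue
        hits = [name for name, pat in SCRIPT_PATTERNS if pat.search(decoded)]
        findings.append({
            "filename": part.get_filename(),
            "cte": str(part.get("Content-Transfer-Encoding", "")),
            "hits": hits,
        })
    return findings


def verdict(raw: bytes) -> str:
    """'reject' if any HTML attachment contains a script indicator, else 'accept'."""
    return "reject" if any(f["hits"] for f in scan_message(raw)) else "accept"


if __name__ == "__main__":
    raw = build_sample_message()
    print("raw bytes contain '<script':", b"<script" in raw)
    for f in scan_message(raw):
        print(f)
    print("verdict:", verdict(raw))
```

A raw pattern match on the undecoded mail, which is what a postfix body check sees, finds nothing in the base64 part; only after `get_payload(decode=True)` do the indicators surface. The patterns are deliberately loose (they match `<script` anywhere in the bytes, including inside comments), which is the right bias for a reject-or-tag decision on inbound mail but would need tightening before being used to quarantine automatically.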