amavisd.conf选择邮件附件类型
时间:2007-04-24 来源:Mozer
需求:发送exe的附件
vi /etc/amavisd.conf
...
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID
#edit by zhang_huajun at 2006-12-01
# qr'^application/x-msdownload$'i, # block these MIME types
# qr'^application/x-msdos-program$'i,
# qr'^application/hta$'i,
...
service amavisd restart
postfix reload
还是发不了带EXE的附件,试着发了一封,返回两封系统邮件:
一,
No viruses were found.
Banned name: multipart/mixed | application/x-msdownload,.exe,.exe-ms,putty.exe
Content type: Banned (7,0)
Internal reference code for the message is 28228-01/XMxJZP-yA4kv
According to a 'Received:' trace, the message originated at: [192.168.200.33],
zhanghuajun (unknown [192.168.200.33])
Return-Path: <zhang_huajun at abc.com>
Message-ID: <01cb01c714eb$c7a38140$[email protected]>
X-Mailer: Microsoft Outlook Express 6.00.3790.0
Subject: test
The message has been quarantined as: banned-XMxJZP-yA4kv
The message WAS NOT relayed to:
<zhang_huajun at abc.com>:
550 5.7.1 Rejected, id=28228-01 - BANNED: multipart/mixed | application/x-msdownload,.exe,.exe-ms,putty.exe
二,
BANNED CONTENTS ALERT
Our content checker found
banned name: multipart/mixed |
application/x-msdownload,.exe,.exe-ms,putty.exe
....... 问题解决:
vi /etc/amavisd.conf
...
#edit by zhang_huajun at 2006-12-01
[ qr'^\.(exe|dll|zip|rar|arc|arj|zoo)$'=> 0 ], # 在这里加支持的文件类型,并去掉原来的#号allow any within such archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives
...
...
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID
#edit by zhang_huajun at 2006-12-01
# qr'^application/x-msdownload$'i, # block these MIME types
# qr'^application/x-msdos-program$'i,
# qr'^application/hta$'i,
...
service amavisd restart
postfix reload
还是发不了带EXE的附件,试着发了一封,返回两封系统邮件:
一,
No viruses were found.
Banned name: multipart/mixed | application/x-msdownload,.exe,.exe-ms,putty.exe
Content type: Banned (7,0)
Internal reference code for the message is 28228-01/XMxJZP-yA4kv
According to a 'Received:' trace, the message originated at: [192.168.200.33],
zhanghuajun (unknown [192.168.200.33])
Return-Path: <zhang_huajun at abc.com>
Message-ID: <01cb01c714eb$c7a38140$[email protected]>
X-Mailer: Microsoft Outlook Express 6.00.3790.0
Subject: test
The message has been quarantined as: banned-XMxJZP-yA4kv
The message WAS NOT relayed to:
<zhang_huajun at abc.com>:
550 5.7.1 Rejected, id=28228-01 - BANNED: multipart/mixed | application/x-msdownload,.exe,.exe-ms,putty.exe
二,
BANNED CONTENTS ALERT
Our content checker found
banned name: multipart/mixed |
application/x-msdownload,.exe,.exe-ms,putty.exe
....... 问题解决:
vi /etc/amavisd.conf
...
#edit by zhang_huajun at 2006-12-01
[ qr'^\.(exe|dll|zip|rar|arc|arj|zoo)$'=> 0 ], # 在这里加支持的文件类型,并去掉原来的#号allow any within such archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives
...
需求"如何在过滤非法附件时,忽略正常的zip rar中的exe文件.而对含有病毒rar zip包,照旧解压、扫描."
失败步骤:
去掉这行的批注
qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
qr'^\.(exe-ms)$', # banned file(1) (去掉这行批注,结果也是一样"types")
会连zip rar中包含exe文件的附件都当掉.
成功步骤:
在amavisd.conf中去掉以下行remark
[qr'^\. (zip|rar|arc|arj|zoo|) $’ =>0] # allow any within such archives
但也有矛盾存在,如以上压缩包中带有exe病毒,则不会被amavisd拦截.
相关阅读 更多 +
