Thread: Do not Ban encrypted leaf members, but do ban encrypted .ZIP




Do not Ban encrypted leaf members, but do ban encrypted .ZIP
user name
2006-07-19 14:34:15
Hi All,

I'm testing/configuring a new mailgateway with a more current version of the
Postfix, AMaViS-new, SpamAssassin, Kaspersky-AV and ClamAV combi.

The new mailgateway has AMaViS version 2.4.1.
What I'm trying to do is to ban encrypted .ZIP (and some other) archives
but to pass unencrypted .ZIP containing an encrypted .ZIP. Therefore I
use the new style of banned lookup table with $banned_namepath_re. The
old method is disabled.

I have got this section:

 -----8<-----

# # within certain archives allow leaf members at any depth if crypted
  [ qr'(?# ALLOW ENCRYPTED )
       ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0
],

# # allow crypted leaf members regardless of their name or type
# [ qr'(?# ALLOW IF ENCRYPTED )    ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

# # block if any component can not be decoded (is encrypted or bad archive)
# qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,

 -----8<-----

But it does not work.

Encrypted .ZIP is passed with ***UNCHECKED*** in the Subject: field.
(Should be blocked)
Encrypted .ZIP in a nonencrypted .ZIP is passed with ***UNCHECKED*** in
the Subject: field. (This is a correct action.)

Did I misunderstand the comments or do I have another error?

Another problem is that 'kill -HUP' of the amavisd master dies silently
instead of doing a reload. No errors in the log, not even in debug
mode... I have (re)checked the ownership of the amavisd files, but did
not find an error. Have you got an idea where to look?

Cheers,
       Harrie (quite hot over here...)

_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Do not Ban encrypted leaf members, but do ban encrypted .ZIP
user name
2006-07-19 14:52:48
H. wrote:

> Hi All,

> I'm testing/configuring a new mailgateway with a more current version of the
> Postfix, AMaViS-new, SpamAssassin, Kaspersky-AV and ClamAV combi.

> The new mailgateway has AMaViS version 2.4.1.
> What I'm trying to do is to ban encrypted .ZIP (and some other) archives
> but to pass unencrypted .ZIP containing an encrypted .ZIP. Therefore I
> use the new style of banned lookup table with $banned_namepath_re. The
> old method is disabled.

> I have got this section:

>  -----8<-----

> # # within certain archives allow leaf members at any depth if crypted
>   [ qr'(?# ALLOW ENCRYPTED )
>        ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0
> ],

> But it does not work.

> Encrypted .ZIP is passed with ***UNCHECKED*** in the Subject: field.
> (Should be blocked)
> Encrypted .ZIP in a nonencrypted .ZIP is passed with ***UNCHECKED*** in
> the Subject: field. (This is a correct action.)

> Did I misunderstand the comments or do I have another error?

I could be wrong, but it appears to me this rule allows encrypted
zip|rar|arj files or will also allow the file to pass if there is a file
inside a zip|rar|arj that cannot be deciphered (is encrypted). So to me
your result would be expected. I'm not sure how you would accomplish
your goal. Mark may have an idea, but won't be back for a week or so.

> Another problem is that 'kill -HUP' of the amavisd master dies silently
> instead of doing a reload. No errors in the log, not even in debug
> mode... I have (re)checked the ownership of the amavisd files, but did
> not find an error. Have you got an idea where to look?

From RELEASE_NOTES:

- sending signal HUP in order to restart amavisd no longer works (previously
  it only worked in non-chrooted environment and relied on guessing amavisd
  absolute path); please use 'amavisd reload', or 'amavisd stop' and restart;

  If the HUP method is really still needed, please replace the line
    commandline => [],  # disable
  by:
    commandline => ['/usr/local/sbin/amavisd','-c',$config_file],
  in file amavisd, adjusting the path if necessary.

> Cheers,
>        Harrie (quite hot over here...)


Gary V
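
The rule discussed in this thread can be tried outside amavisd. The Perl script below is an added example, not code from either poster or from amavisd: it runs the posted ALLOW ENCRYPTED rule, alone and then followed by the BLOCK IF UNDECIPHERABLE rule that the posted section leaves commented out, against constructed path strings. The path layout (one line per nesting level, parent first, tab-separated T=, N= and A= fields), the P= and M= fields and the verdict() helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not amavisd code: a simplified first-match-wins lookup.
use strict;
use warnings;

# [ label, pattern, result ]: result 0 = allow, 1 = ban.
my $allow_crypted = [ 'ALLOW ENCRYPTED',
  qr'(?# ALLOW ENCRYPTED )
     ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi, 0 ];
my $block_undeciph = [ 'BLOCK IF UNDECIPHERABLE',
  qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi, 1 ];

# Constructed path strings. Assumed layout: one line per nesting level,
# parent first, tab-separated fields (T=type, N=name, A=attribute).
my $root = "P=p001\tM=multipart/mixed\n";
my @paths = (
  [ 'A=C on the zip line itself',
    $root . "P=p002\tT=zip\tN=secret.zip\tA=U\tA=C" ],
  [ 'A=C on a line below a zip',
    $root . "P=p002\tT=zip\tN=outer.zip\n"
          . "P=p003\tT=zip\tN=inner.zip\tA=U\tA=C" ],
  [ 'A=C two levels below a rar',
    $root . "P=p002\tT=rar\tN=a.rar\n"
          . "P=p003\tT=zip\tN=b.zip\n"
          . "P=p004\tN=c.doc\tA=U\tA=C" ],
  [ 'A=C below a tar',
    $root . "P=p002\tT=tar\tN=a.tar\n"
          . "P=p003\tN=c.doc\tA=U\tA=C" ],
);

# Return the verdict of the first rule that matches, in list order.
sub verdict {
  my ($path, @rules) = @_;
  for my $rule (@rules) {
    my ($label, $re, $ban) = @$rule;
    return sprintf('%s by %s', $ban ? 'BAN' : 'allow', $label)
      if $path =~ $re;
  }
  return 'no match';
}

for my $p (@paths) {
  my ($desc, $path) = @$p;
  printf "%-28s  posted: %-24s  with block rule: %s\n", $desc,
    verdict($path, $allow_crypted),
    verdict($path, $allow_crypted, $block_undeciph);
}
```

On these strings the ALLOW ENCRYPTED pattern matches only when the line carrying A=C sits below a line carrying T=zip, T=rar or T=arj; a path whose last line carries both the archive type and A=C falls through to whatever rules follow.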

