Fixed: Amavisd cannot detect '.exe' file in zipped attachment.
parent a60c025597
commit 9d17fac2c5
|
@ -19,6 +19,7 @@
|
|||
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release">Upgrade Roundcube webmail to the latest stable release</a></li>
|
||||
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-145">Upgrade iRedAPD (Postfix policy server) to the latest 1.4.5</a></li>
|
||||
<li><a href="#fixed-return-receipt-response-rejected-by-iredapd-plugin-reject_null_sender">Fixed: return receipt response rejected by iRedAPD plugin reject_null_sender</a></li>
|
||||
<li><a href="#fixed-amavisd-cannot-detect-exe-file-in-zipped-attachment">Fixed: Amavisd cannot detect .exe file in zipped attachment.</a></li>
|
||||
<li><a href="#fixed-amavisd-cannot-detect-exe-file-in-rar-compressed-attachment">Fixed: Amavisd cannot detect .exe file in rar compressed attachment.</a></li>
|
||||
<li><a href="#fixed-cannot-run-php-script-under-web-document-root-with-nginx">Fixed: Cannot run PHP script under web document root with Nginx.</a></li>
|
||||
<li><a href="#fixed-incorrect-log-file-and-ownergroup-in-logrotate-config-file-etclogrotatedpolicyd">Fixed: Incorrect log file and owner/group in logrotate config file: /etc/logrotate.d/policyd</a></li>
|
||||
|
@ -61,6 +62,7 @@
|
|||
<p><strong>WARNING: Still working in progress, do <em>NOT</em> apply it.</strong></p>
|
||||
<h2 id="changelog">ChangeLog</h2>
|
||||
<ul>
|
||||
<li>2015-05-03: [All backends] Fixed: Amavisd cannot detect <code>.exe</code> file in zipped attachment.</li>
|
||||
<li>2015-04-21: [All backends] [Debian/Ubuntu] Fixed: Amavisd cannot detect <code>.exe</code> file in rar compressed attachment.</li>
|
||||
<li>2015-04-21: [All backends] Fixed: Incorrect log file and owner/group in logrotate config file: /etc/logrotate.d/policyd.</li>
|
||||
<li>2015-04-06: [All backends] Make Dovecot subscribe newly created folder automatically.</li>
|
||||
|
@ -186,6 +188,44 @@ authenticated user but with null sender in <code>From:</code> header (<code>from
|
|||
log). If your user's password was cracked by spammer, spammer can use this
|
||||
account to bypass smtp authentication, but with a null sender in <code>From:</code>
|
||||
header, throttling won't be triggered.</p>
|
||||
<h3 id="fixed-amavisd-cannot-detect-exe-file-in-zipped-attachment">Fixed: Amavisd cannot detect <code>.exe</code> file in zipped attachment.</h3>
|
||||
<p>Amavisd on some Linux/BSD distribution use <code>$banned_namepath_re</code>
|
||||
instead of <code>$banned_filename_re</code> to check banned files, but it
|
||||
(<code>$banned_namepath_re</code>) was not defined, so we define some blocked file
|
||||
types here.</p>
|
||||
<p>Please append below settings in Amavisd config file, above the last line
|
||||
(<code>1; # insure a defined return</code>) in the same file:</p>
|
||||
<ul>
|
||||
<li>On RHEL/CentOS, OpenBSD, it's <code>/etc/amavisd/amavisd.conf</code>.</li>
|
||||
<li>On Debian/Ubuntu, it's <code>/etc/amavis/conf.d/50-user</code>.</li>
|
||||
<li>On FreeBSD, it's <code>/usr/local/etc/amavisd.conf</code>.</li>
|
||||
</ul>
|
||||
<pre><code># Amavisd on some Linux/BSD distribution use \$banned_namepath_re
|
||||
# instead of \$banned_filename_re, so we define some blocked file
|
||||
# types here.
|
||||
#
|
||||
# Sample input for $banned_namepath_re:
|
||||
#
|
||||
# P=p003\tL=1\tM=multipart/mixed\nP=p002\tL=1/2\tM=application/octet-stream\tT=dat\tN=my_docum.zip
|
||||
#
|
||||
# What it means:
|
||||
# - T: type. e.g. zip archive.
|
||||
# - M: MIME type. e.g. application/octet-stream.
|
||||
# - N: suggested (MIME) name. e.g. my_docum.zip.
|
||||
|
||||
$banned_namepath_re = new_RE(
|
||||
[qr'T=(exe|exe-ms|dat|lha|cab|dll)\t'xmi => 'DISCARD'], # banned file(1) types
|
||||
[qr'T=(pif|scr)\t'xmi => 'DISCARD'], # banned extensions - rudimentary
|
||||
[qr'T=ani\t'xmi => 'DISCARD'], # banned animated cursor file(1) type
|
||||
[qr'T=(mim|b64|bhx|hqx|xxe|uu|uue)\t'xmi => 'DISCARD'], # banned extension - WinZip vulnerab.
|
||||
[qr'M=application/x-msdownload\t'xmi => 'DISCARD'], # block these MIME types
|
||||
[qr'M=application/x-msdos-program\t'xmi => 'DISCARD'],
|
||||
[qr'M=application/hta\t'xmi => 'DISCARD'],
|
||||
[qr'M=(application/x-msmetafile|image/x-wmf)\t'xmi => 'DISCARD'], # Windows Metafile MIME type
|
||||
);
|
||||
</code></pre>
|
||||
|
||||
<p>Restarting Amavisd service is required.</p>
|
||||
<h3 id="fixed-amavisd-cannot-detect-exe-file-in-rar-compressed-attachment">Fixed: Amavisd cannot detect <code>.exe</code> file in rar compressed attachment.</h3>
|
||||
<p>Note: This fix is applicable to RHEL/CentOS, Debian and Ubuntu.</p>
|
||||
<ul>
|
||||
|
|
|
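Review bot: The first rule in the added `$banned_namepath_re` list, `T=(exe|exe-ms|dat|lha|cab|dll)\t`, includes `dat`, yet the sample input in the comment directly above it shows an ordinary `my_docum.zip` part reported as `T=dat`, so the rule matches the documented sample itself and the message is discarded. If generic data is meant to be blocked, say so in the prose and the comment, since this goes well beyond the `.exe` case named in the heading; otherwise drop `dat` from the alternation. The "What it means" comment should also agree with the sample: it gives "zip archive" as the example for `T` while the sample line shows `T=dat`.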
@ -7,6 +7,7 @@ __WARNING: Still working in progress, do _NOT_ apply it.__
|
|||
|
||||
## ChangeLog
|
||||
|
||||
* 2015-05-03: [All backends] Fixed: Amavisd cannot detect `.exe` file in zipped attachment.
|
||||
* 2015-04-21: [All backends] [Debian/Ubuntu] Fixed: Amavisd cannot detect `.exe` file in rar compressed attachment.
|
||||
* 2015-04-21: [All backends] Fixed: Incorrect log file and owner/group in logrotate config file: /etc/logrotate.d/policyd.
|
||||
* 2015-04-06: [All backends] Make Dovecot subscribe newly created folder automatically.
|
||||
|
@ -149,6 +150,48 @@ log). If your user's password was cracked by spammer, spammer can use this
|
|||
account to bypass smtp authentication, but with a null sender in `From:`
|
||||
header, throttling won't be triggered.
|
||||
|
||||
### Fixed: Amavisd cannot detect `.exe` file in zipped attachment.
|
||||
|
||||
Amavisd on some Linux/BSD distribution use `$banned_namepath_re`
|
||||
instead of `$banned_filename_re` to check banned files, but it
|
||||
(`$banned_namepath_re`) was not defined, so we define some blocked file
|
||||
types here.
|
||||
|
||||
Please append below settings in Amavisd config file, above the last line
|
||||
(`1; # insure a defined return`) in the same file:
|
||||
|
||||
* On RHEL/CentOS, OpenBSD, it's `/etc/amavisd/amavisd.conf`.
|
||||
* On Debian/Ubuntu, it's `/etc/amavis/conf.d/50-user`.
|
||||
* On FreeBSD, it's `/usr/local/etc/amavisd.conf`.
|
||||
|
||||
```
|
||||
# Amavisd on some Linux/BSD distribution use \$banned_namepath_re
|
||||
# instead of \$banned_filename_re, so we define some blocked file
|
||||
# types here.
|
||||
#
|
||||
# Sample input for $banned_namepath_re:
|
||||
#
|
||||
# P=p003\tL=1\tM=multipart/mixed\nP=p002\tL=1/2\tM=application/octet-stream\tT=dat\tN=my_docum.zip
|
||||
#
|
||||
# What it means:
|
||||
# - T: type. e.g. zip archive.
|
||||
# - M: MIME type. e.g. application/octet-stream.
|
||||
# - N: suggested (MIME) name. e.g. my_docum.zip.
|
||||
|
||||
$banned_namepath_re = new_RE(
|
||||
[qr'T=(exe|exe-ms|dat|lha|cab|dll)\t'xmi => 'DISCARD'], # banned file(1) types
|
||||
[qr'T=(pif|scr)\t'xmi => 'DISCARD'], # banned extensions - rudimentary
|
||||
[qr'T=ani\t'xmi => 'DISCARD'], # banned animated cursor file(1) type
|
||||
[qr'T=(mim|b64|bhx|hqx|xxe|uu|uue)\t'xmi => 'DISCARD'], # banned extension - WinZip vulnerab.
|
||||
[qr'M=application/x-msdownload\t'xmi => 'DISCARD'], # block these MIME types
|
||||
[qr'M=application/x-msdos-program\t'xmi => 'DISCARD'],
|
||||
[qr'M=application/hta\t'xmi => 'DISCARD'],
|
||||
[qr'M=(application/x-msmetafile|image/x-wmf)\t'xmi => 'DISCARD'], # Windows Metafile MIME type
|
||||
);
|
||||
```
|
||||
|
||||
Restarting Amavisd service is required.
|
||||
|
||||
### Fixed: Amavisd cannot detect `.exe` file in rar compressed attachment.
|
||||
|
||||
Note: This fix is applicable to RHEL/CentOS, Debian and Ubuntu.
|
||||
|
|
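Review bot: Every pattern in the `new_RE(...)` list requires a literal `\t` after the field value, but the sample input in the comment shows that a field can be the last one on its line (`M=multipart/mixed\n`), so a part whose `M=` or `T=` value ends the line would not match any of these rules. The `m` flag is already set, so a terminator such as `(?:\t|$)` would cover both cases. Two smaller points in the same block: the `T=(pif|scr)` and `T=(mim|b64|bhx|hqx|xxe|uu|uue)` rules are commented as banned extensions but test `T` (type) rather than `N` (name), so either the comments or the field should change; and the first two comment lines carry `\$` escapes that the "Sample input for $banned_namepath_re" line does not, which will be pasted verbatim into the config file.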