amavisd-new: .docx often incorrectly detected as BANNED: .exe, .exe-ms, [trash]/0000.dat

15 January 2016

Amavis seems to block some Word documents. I experienced those problems with signed documents. In the logfiles amavis writes:

Blocked BANNED (.exe,.exe-ms,[trash]/0000.dat)

According to the Debian bugtracker it seems that this bug is already known. I found a workaround for this problem here. So I opened an editor and copied the $banned_filename_re = new_RE-Block from /etc/amavis/conf.d/20-debian_defaults to_/etc/amavis/conf.d/50-user_. Now I just added

[qr'^\[trash\]/[0-9a-f]{4}\.dat$' =\> 0 ], 

on the top of the list. The complete block looks like this:

     $banned\_filename\_re = new\_RE( # allow trash sections of docx files [qr'^\[trash\]/[0-9a-f]{4}\.dat$' =\> 0 ], # allow [trash]hhhh.dat in docx files # block certain double extensions anywhere in the base name qr'\.[^./]\*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic qr'^\.(exe-ms)$', # banned file(1) types ); 
[ Linux  Sysadmin  Anti-Spam  ]
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti