Hi All,

I've noticed a few instances of the relatively new "dumaru worm" passing through amavisd-new and clamd AV. I thought all exe files were being blocked by amavis, but in testing I've discovered that contrary to my conf file comments, "If any mail part matches, the whole mail is rejected, much like the way viruses are handled", the banned extensions are not being deleted but sent, and followed by a warning...

BANNED FILENAME ALERT
Our content checker found test.exe

The conf file states that...

"file content type as guessed by 'file' utility, both the raw
# result from 'file', as well as short type name, classified
# into names such as .asc, .txt, .html, .doc, .jpg, .pdf,
# .zip, .exe, ... - see subroutine determine_file_types().
# This step is done only if $bypass_decode_parts is not true."

And in the conf file

$bypass_decode_parts = 0;

The system administrator also receives notification that the email with banned extension has been delivered. I'm hoping someone can tell me where this is being switched wrong. I'm using amavisd-new-20021227-p1 on debian testing distro.

Thanks in advance!

Lewis Shobbrook