Subject: Re: How to reject all mails with docs attached?
To: users@spamassassin.apache.org
From: Reindl Harald
Date: Mon, 1 Feb 2016 15:09:42 +0100

On 01.02.2016 at 15:05, Thomas Barth wrote:
> No viruses were found.
> Banned name: .exe,.exe-ms,23676883772984656662(1).doc.exe
> Content type: Banned
> Not quarantined.
> The message WAS NOT relayed to:
> xxx
> 554 5.7.0 Reject, id=09201-09 - BANNED:
> .exe,.exe-ms,23676883772984656662(1).doc.exe
>
> This message is a test result of ClamAV? I would like to add .doc as
> banned name

sounds like amavis and as already suggested: reject it at smtpd level

mime_header_checks = pcre:/etc/postfix/mime_header_checks.cf

[root@mail-gw:~]$ cat /etc/postfix/mime_header_checks.cf
# Reject Attachment Extensions
/^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* =
 \s*"?(.*?(\.|=2E)(386|acm|ade|adp|apk|awx|ax|bas|bat|bin|cdf|chm|class|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jar|jse|lnk|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|rar|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x
 REJECT Attachment Blocked (Executables And RAR-Files Not Allowed) "$1"

> On 01.02.2016 at 13:50, Reindl Harald wrote:
>>
>> On 01.02.2016 at 13:48, Thomas Barth wrote:
>>> for a week or so I get a lot of mails with bills as doc-documents and
>>> Spamassassin is actually not able to mark it as spam
>>
>> it is able
>>
>> combined BAYES scores and other rules on a proper trained SA leads to
>> 99.9% milter-reject rate of these malware mails here
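
Added example, not part of the original mail: a small harness that runs the posted mime_header_checks pattern over constructed MIME headers to show which attachments it would reject, and what changes if doc is appended to the list. Python's re module stands in for Postfix's PCRE here, and the names build, check, POSTED and WITH_DOC are hypothetical.

```python
import re

# Extension list copied from the mime_header_checks.cf quoted in the mail.
EXTS = ("386|acm|ade|adp|apk|awx|ax|bas|bat|bin|cdf|chm|class|cmd|cnv|com|cpl|"
        "crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jar|jse|lnk|mde|mdt|mdw|"
        "msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|rar|reg|scf|scr|script|sct|"
        "sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh")

def build(exts=EXTS):
    """Compile the posted pattern around an extension alternation.

    Python's re stands in for Postfix's PCRE (assumption: these constructs
    behave the same). IGNORECASE and DOTALL mirror the pcre_table defaults,
    VERBOSE mirrors the /x flag on the rule.
    """
    return re.compile(
        r'^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* = '
        r'\s*"?(.*?(\.|=2E)(' + exts + r'))(?:\?=)?"?\s*(;|$)',
        re.VERBOSE | re.IGNORECASE | re.DOTALL)

POSTED = build()
WITH_DOC = build(EXTS + "|doc")  # hypothetical edit: the .doc ban asked about

def check(header, pattern=POSTED):
    """Return the filename Postfix would echo as "$1", or None if accepted."""
    m = pattern.search(header)
    return m.group(1) if m else None

# Constructed sample headers; the first filename is the one in the quoted report.
SAMPLES = [
    'Content-Disposition: attachment; filename="23676883772984656662(1).doc.exe"',
    'Content-Type: application/octet-stream;\n\tname="report.PDF.SCR"',
    'Content-Disposition: attachment; filename="=?UTF-8?Q?rechnung=2Eexe?="',
    'Content-Type: application/msword; name="invoice.doc"',
    'Content-Disposition: attachment; filename="setup.exe.txt"',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(repr(h), "->", check(h), "| with doc:", check(h, WITH_DOC))
```

On the mail host, `postmap -q "<header line>" pcre:/etc/postfix/mime_header_checks.cf` runs the same lookup against the real table.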