[AMaViS-user] banned attachments - strange behavior

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi List!

A couple of days ago I upgraded my amavisd-new (from Dag Wieers' 
amavisd-new-20030616-7.p9.rhfc1.dag RPM) and yesterday I upgraded to 
clamav-0.70-1.

Since then, I see a strange behavior, while sending some files as attachments. 
Some of the files were binary, and others were text files, but none of them 
was an MS-DOS executable and none had .exe extension.

I attached a quarrantined message (I changed the actual email address in the 
headers). As you can see, there's no attachments with .exe extension.

I also attached the amavisd.conf (without the comments and blank lines). For 
now I "solved" the problem by using $bypass_decode_parts = 1.

I use postfix-2.0.16-1 and spamassassin-2.63-0.2 on Fedora Core 1.

The following is the amavisd startup messages from /var/log/maillog.
-----------------------
Apr 19 12:24:58 mail amavis[4802]: starting.  amavisd at mail.ams-sys.com 
amavisd-new-20030616-p9, Unicode aware, LANG=en_US.UTF-8
Apr 19 12:24:59 mail amavis[4802]: Perl version               5.008003
Apr 19 12:24:59 mail amavis[4802]: Module Amavis::Conf        1.15
Apr 19 12:24:59 mail amavis[4802]: Module Archive::Tar        1.08
Apr 19 12:24:59 mail amavis[4802]: Module Archive::Zip        1.09
Apr 19 12:24:59 mail amavis[4802]: Module Compress::Zlib      1.33
Apr 19 12:24:59 mail amavis[4802]: Module Convert::TNEF       0.17
Apr 19 12:24:59 mail amavis[4802]: Module Convert::UUlib      1.0
Apr 19 12:24:59 mail amavis[4802]: Module DB_File             1.808
Apr 19 12:24:59 mail amavis[4802]: Module MIME::Entity        5.404
Apr 19 12:24:59 mail amavis[4802]: Module MIME::Parser        5.406
Apr 19 12:24:59 mail amavis[4802]: Module MIME::Tools         5.411
Apr 19 12:24:59 mail amavis[4802]: Module Mail::Header        1.60
Apr 19 12:24:59 mail amavis[4802]: Module Mail::Internet      1.60
Apr 19 12:24:59 mail amavis[4802]: Module Mail::SpamAssassin  2.63
Apr 19 12:24:59 mail amavis[4802]: Module Net::Cmd            2.24
Apr 19 12:24:59 mail amavis[4802]: Module Net::DNS            0.31
Apr 19 12:24:59 mail amavis[4802]: Module Net::SMTP           2.26
Apr 19 12:24:59 mail amavis[4802]: Module Net::Server         0.86
Apr 19 12:24:59 mail amavis[4802]: Module Time::HiRes         1.38
Apr 19 12:24:59 mail amavis[4802]: Module Unix::Syslog        0.100
Apr 19 12:24:59 mail amavis[4802]: Found myself: /usr/sbin/amavisd 
-c /etc/amavisd.conf
Apr 19 12:24:59 mail amavis[4802]: Lookup::SQL code       NOT loaded
Apr 19 12:24:59 mail amavis[4802]: Lookup::LDAP code      NOT loaded
Apr 19 12:24:59 mail amavis[4802]: AMCL-in protocol code  loaded
Apr 19 12:24:59 mail amavis[4802]: SMTP-in protocol code  loaded
Apr 19 12:24:59 mail amavis[4802]: ANTI-VIRUS code        loaded
Apr 19 12:24:59 mail amavis[4802]: ANTI-SPAM  code        loaded
Apr 19 12:24:59 mail amavis[4824]: Net::Server: Process Backgrounded
Apr 19 12:24:59 mail amavis[4824]: Net::Server: 2004/04/19-12:24:59 Amavis 
(type Net::Server::PreForkSimple) starting! pid(4824)
Apr 19 12:24:59 mail amavis[4824]: Net::Server: Binding to UNIX socket 
file /var/spool/amavis/amavisd.sock using SOCK_STREAM
Apr 19 12:24:59 mail amavis[4824]: Net::Server: Binding to TCP port 10024 on 
host 127.0.0.1
Apr 19 12:24:59 mail amavis[4824]: Found $file       at /usr/bin/file
Apr 19 12:24:59 mail amavis[4824]: Found $arc        at /usr/bin/nomarch
Apr 19 12:24:59 mail amavis[4824]: Found $gzip       at /usr/bin/gzip
Apr 19 12:24:59 mail amavis[4824]: Found $bzip2      at /usr/bin/bzip2
Apr 19 12:24:59 mail amavis[4824]: Found $lzop       at /usr/bin/lzop
Apr 19 12:24:59 mail amavis[4824]: Found $lha        at /usr/bin/lha
Apr 19 12:24:59 mail amavis[4824]: Found $unarj      at /usr/bin/unarj
Apr 19 12:24:59 mail amavis[4824]: Found $uncompress at /usr/bin/uncompress
Apr 19 12:24:59 mail amavis[4824]: Found $unfreeze   at /usr/bin/unfreeze
Apr 19 12:24:59 mail amavis[4824]: Found $unrar      at /usr/bin/unrar
Apr 19 12:24:59 mail amavis[4824]: Found $zoo        at /usr/bin/zoo
Apr 19 12:24:59 mail amavis[4824]: Found $cpio       at /bin/cpio
Apr 19 12:24:59 mail amavis[4824]: Using internal av scanner code for 
(primary) Clam Antivirus-clamd
Apr 19 12:24:59 mail amavis[4824]: Found secondary av scanner Clam Antivirus - 
clamscan at /usr/bin/clamscan
Apr 19 12:24:59 mail amavis[4824]: SpamControl: initializing 
Mail::SpamAssassin
Apr 19 12:25:00 mail ipop3d[4827]: pop3s SSL service init from 192.168.1.104
Apr 19 12:25:01 mail ipop3d[4827]: Login user=vgutkhen host=[192.168.1.104] 
nmsgs=0/0
Apr 19 12:25:01 mail ipop3d[4827]: Logout user=vgutkhen host=[192.168.1.104] 
nmsgs=0 ndele=0
Apr 19 12:25:05 mail amavis[4824]: SpamControl: done
-----------------------

Sorry about a long post.

Any help would be much appreciated.

Thanks in advance,

Uri

-- 
Uri Shohet <mailto:Uri...@am...>
AMS Advanced Maintenance Systems Ltd.
Science Based Industry Campus
POB 23838, Jerusalem 91237,  Israel

Tel.        : +972-2-541-7449	Cell        : +972-54-259-850
Fax.        : +972-2-581-4448	US Toll-Free:  1-866-389-2001

Registered Linux User #166615 (http://counter.li.org)