From: Justin W. <wie...@ne...> - 2005-08-17 15:37:41
We're operating a corporate email server using postfix + clamav + amavisd, but running into a problem with Outlook clients. We want to permit the winmail.dat file through (despite the malicious payload risk) since most people here use Outlook. With the following $banned_filename_re however, winmail.dat is still getting caught as banned:

  $banned_filename_re = new_RE(
    qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
    qr'^application/x-msdownload$'i,          # block these MIME types
    qr'^application/x-msdos-program$'i,
    qr'^application/hta$'i,
    [ qr'^\.(Z|gz|bz2)$' => 0 ],              # allow any in Unix-compressed
    [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],    # allow any within such archives
    [ qr'^winmail\.dat$' => 0 ],              # allow winmail.dat
    qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
    qr'^\.(exe-ms)$',                         # banned file(1) types
    [ qr'winmail.dat'i => 0 ],                # allow winmail.dat
    qr'^\.(exe|lha|tnef|cab|dll)$',           # banned file(1) types
    [ qr'winmail.dat'i => 0 ],                # allow winmail.dat
  );

The actual BANNED errors in syslog are:

  Aug 17 06:50:28 email amavis[31818]: (31818-08) p.path BANNED:1: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/ms-tnef,T=tnef,N=winmail.dat", matching_key="(?-xism:^\\.(exe|lha|tnef|cab|dll)$)"

  Aug 17 06:50:29 email amavis[31818]: (31818-08) Blocked BANNED (P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/ms-tnef,T=tnef,N=winmail.dat), [67.154.206.226] <se...@ne...> -> <rec...@so...>,<rec...@so...>, quarantine: banned/banned-20050817-065028-31818-08, Message-ID: <...>, Hits: -, 185 ms

  Aug 17 06:50:29 email amavis[31818]: (31818-08) Blocked BANNED (P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/ms-tnef,T=tnef,N=winmail.dat), <se...@ne...> -> <rec...@so...>, Hits: -, tag=2, tag2=3.5, kill=7, 0/0/0/0

postfix 2.1.5
amavisd-new 2.2.1 (20041222)
clamav 0.86.1

Any advice? Much appreciated.

-Justin
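
The following Python is an added example, not part of the original post and not amavisd-new code. It parses the "p.path BANNED" syslog line quoted above and reports which attribute of which MIME part the logged matching_key actually matches; the function names are hypothetical, and it assumes file(1) short types are tested with a leading dot, as the "banned file(1) types" patterns in the posted config suggest.

```python
import re

# Constructed input: the "p.path BANNED" syslog line from the post, joined onto one line.
SAMPLE = (r'Aug 17 06:50:28 email amavis[31818]: (31818-08) p.path BANNED:1: '
          r'"P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/ms-tnef,'
          r'T=tnef,N=winmail.dat", matching_key="(?-xism:^\\.(exe|lha|tnef|cab|dll)$)"')

LINE_RE = re.compile(r'p\.path BANNED:\d+: "(?P<path>[^"]*)", matching_key="(?P<key>.*)"\s*$')
WRAP_RE = re.compile(r'^\(\?\^?(?P<on>[a-z]*)(?:-[a-z]*)?:(?P<body>.*)\)$', re.S)

def parse_banned(line):
    """Return (parts, key): one dict of P/L/M/T/N attributes per MIME part, plus the raw key."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("not a p.path BANNED line")
    parts = []
    for part in m.group("path").split(" | "):
        # Split only at commas that start a new X= attribute, so values may contain commas.
        fields = re.split(r",(?=[A-Z]=)", part)
        parts.append(dict(f.split("=", 1) for f in fields))
    return parts, m.group("key")

def key_to_regex(key):
    """Turn the logged Perl qr// stringification into a compiled Python regex."""
    key = key.replace("\\\\", "\\")          # the log doubles each backslash
    m = WRAP_RE.match(key)                   # strip the (?flags-flags: ... ) wrapper
    flags = re.I if m and "i" in m.group("on") else 0
    return re.compile(m.group("body") if m else key, flags)

def explain(line):
    """List (part, attribute, tested string) triples that the logged key matches."""
    parts, key = parse_banned(line)
    rx = key_to_regex(key)
    hits = []
    for p in parts:
        # Assumption: file(1) short types are tested with a leading dot (".tnef"),
        # as the "banned file(1) types" patterns in the posted config suggest.
        candidates = {"N": p.get("N"), "M": p.get("M"),
                      "T": "." + p["T"] if "T" in p else None}
        hits += [(p["P"], attr, s) for attr, s in candidates.items()
                 if s is not None and rx.search(s)]
    return hits

if __name__ == "__main__":
    for part, attr, tested in explain(SAMPLE):
        print(f"part {part}: key matched {attr} as {tested!r}")
```

On the quoted line it reports part p002, attribute T, tested as '.tnef': the logged key matches the file(1) type of the part, not the name winmail.dat.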