From: Richard G. <ric...@sw...> - 2007-03-29 23:57:15
|
Many thanks, reordering my rules had the desired effect, and using a higher log level gave me a better understanding of why the double-extensions rule was matching. Cheers Richard On Thursday 29 March 2007 23:05, Mark Martinec wrote: > Richard, > > > I've looked around the list archives, and the readme files, but have only > > found general pointers to this problem. Basically I want to allow certain > > when they are included in a zip file, but not if they are attached > > directly. > > [...] > > > I would expect the rule-7 bit to allow an exe file to be allowed within > > a zip file, however, I don't see the effect I hoped for. > > > > (14485-04) Blocked BANNED (P=p003,L=1,M=multipart/mixed | > > P=p002,L=1/2,M=application/x-zip,T=zip,N=openvpn-2.0.7-gui-1.0.3-install. > >zip > > > > | P=p0 04,L=1/2/1,T=exe,T=exe-ms,N=openvpn-2.0.7-gui-1.0.3-install.exe), > > It appears the entry was blocked because it matched the double-extensions > rule, which is above rule-7, so it takes precedence. Log level 1 (or 3) > would show more details on which rule matched, search for 'p.path' there. > It seems you need to resuffle the rules, move rule-7 higher or > rule for double-extensions lower. Or you may tighten up the > double-extensions rule. > > Mark |