Enhancement #2689
Let amavisd PASS unchecked content
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-mail-filter | | |
| Target version: | v6.5-final | | |
| Resolution: | | NEEDINFO: | No |
Description
A content is considered unchecked when some part is either:
- encrypted/scrambled/password protected
- an archive cannot be decoded, e.g. when it is damaged
- further decoding is cancelled because file or recursion sanity limits are exceeded
- all virus scanners failed (this one is new with 2.7.0)
We currently set CC_UNCHECKED destiny to TEMPFAIL. Thus encrypted attachments never reach their destination.
We must let them PASS, as defined by the default Amavis policy, and add the *** UNCHECKED *** prefix to them.
Also consider Google Mail: delivering of unchecked messages is allowed, provided that a warning is displayed to the user.
Moreover the virus_scanners_failure_is_fatal flag should restore the temporary failure error, if all AV scanners fail (for instance on clamd restarts).
Associated revisions
Pass CC_UNCHECKED content. Refs #2689
Restored amavis default policy:
- The UNCHECKED tag is added to the message subject
- Message is delivered
And a temporary failure is returned to SMTP client if all AV scanners
fail.
History
#1 Updated by Davide Principi over 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#2 Updated by Davide Principi over 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 30 to 60
Test case 1
- Create a password protected zip file
- Attach it to a mail message
- Send the message to nethserver-mail-filter
The message must be delivered with *** UNCHECKED *** subject
Test case 2
- Create a password protected zip file
- Attach it to a mail message
- Stop clamd on the server
- Send the message to nethserver-mail-filter
A temporary error must be returned to the SMTP client
#3 Updated by Davide Principi over 7 years ago
In nethserver-testing:
nethserver-mail-filter-1.1.5-1.0gitd48c188f.ns6.noarch.rpm
#4 Updated by Davide Principi over 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
#5 Updated by Alessio Fattorini over 7 years ago
- Assignee set to Alessio Fattorini
#6 Updated by Alessio Fattorini over 7 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Davide Principi wrote:
Test case 1
- Create a password protected zip file
- Attach it to a mail message
- Send the message to nethserver-mail-filter
Created authorized_keys.zip protected with pwd
./swaks --server botolo.nethesis.it --to alessio@nethesis.it --helo alessio.nethesis.it --from pippo@nethesis.it --attach authorized_keys.zip
botolo amavis[13782]: (13782-01) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [192.168.5.19]:58158 [192.168.5.19] <pippo@nethesis.it> -> <alessio@nethesis.it>, mail_id: hbDf9S1SlbY5, Hits: -0.87, size: 1756, queued_as: C9E1441601, 1385 ms
Mar 14 12:33:59 botolo postfix/smtpd[14115]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as C9E1441601; from=<pippo@nethesis.it> to=<alessio@nethesis.it> proto=ESMTP helo=<alessio.nethesis.it>
PASSED
Test case 2
- Create a password protected zip file
- Attach it to a mail message
- Stop clamd on the server
- Send the message to nethserver-mail-filter
Stopped clamav, I obtain this line in maillog
Mar 14 12:36:18 botolo amavis[13785]: (13785-01) (!)WARN: all primary virus scanners failed, considering backups
Mar 14 12:36:18 botolo amavis[13785]: (13785-01) (!!)AV: ALL VIRUS SCANNERS FAILED
Mar 14 12:36:18 botolo amavis[13785]: (13785-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
Mar 14 12:36:18 botolo postfix/smtpd[14146]: proxy-reject: END-OF-MESSAGE: 451 4.5.0 Error in processing, id=13785-01, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED; from=<pippo@nethesis.it> to=<alessio@nethesis.it> proto=ESMTP helo=<alessio.nethesis.it>
Mar 14 12:36:18 botolo postfix/smtpd[14146]: disconnect from alessio.nethesis.it[192.168.5.19]
Mar 14 12:36:18 botolo amavis[13785]: (13785-01) (!)PRESERVING EVIDENCE in /var/spool/amavisd/tmp/amavis-20140314T123611-13785-vaVed9q2
On my client this warning:
<** 451 4.5.0 Error in processing, id=13785-01, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
 -> QUIT
<- 221 2.0.0 Bye
Temporary 451 received
VERIFIED
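The two test cases can also be checked mechanically from the maillog by pairing each amavis verdict with the postfix proxy result. This is an added example, not part of the ticket or of nethserver-mail-filter; the sample lines are constructed on the model of the log format quoted above, and the `Blocked UNCHECKED {TempFailedInternal}` line and the function name `audit` are assumptions.

```python
import re

# Constructed sample lines (not taken from a real server), modelled on this ticket's maillog format.
SAMPLE_LOG = """\
Mar 14 12:33:59 mx amavis[101]: (101-01) Passed UNCHECKED {RelayedInternal}, <a@example.org> -> <b@example.org>, mail_id: m1, queued_as: Q1AAAA, 1385 ms
Mar 14 12:33:59 mx postfix/smtpd[201]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as Q1AAAA; from=<a@example.org>
Mar 14 12:36:18 mx amavis[102]: (102-01) (!!)AV: ALL VIRUS SCANNERS FAILED
Mar 14 12:36:18 mx postfix/smtpd[202]: proxy-reject: END-OF-MESSAGE: 451 4.5.0 Error in processing, id=102-01, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED; from=<a@example.org>
Mar 14 12:40:00 mx amavis[103]: (103-01) Blocked UNCHECKED {TempFailedInternal}, <a@example.org> -> <b@example.org>, mail_id: m3
Mar 14 12:41:00 mx amavis[104]: (104-01) (!!)AV: ALL VIRUS SCANNERS FAILED
Mar 14 12:41:01 mx amavis[104]: (104-01) Passed UNCHECKED {RelayedInternal}, <a@example.org> -> <b@example.org>, mail_id: m4, queued_as: Q4DDDD, 900 ms
Mar 14 12:41:01 mx postfix/smtpd[204]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as Q4DDDD; from=<a@example.org>
"""

VERDICT = re.compile(r"amavis\[\d+\]: \(([\d-]+)\) (Passed|Blocked) ([A-Z-]+)")
QUEUED = re.compile(r"queued_as: (\w+)")
AV_FAIL = re.compile(r"amavis\[\d+\]: \(([\d-]+)\) \(!!\)AV: ALL VIRUS SCANNERS FAILED")
ACCEPT = re.compile(r"proxy-accept: END-OF-MESSAGE: (\d{3}) .*queued as (\w+)")
REJECT = re.compile(r"proxy-reject: END-OF-MESSAGE: (\d{3}) .*?id=([\d-]+)")

def audit(log):
    """Return (amavis task id, finding) pairs that contradict the policy in this ticket."""
    verdicts, av_failed, accepted, rejected = {}, set(), set(), {}
    for line in log.splitlines():
        if m := VERDICT.search(line):
            q = QUEUED.search(line)
            verdicts[m[1]] = (m[2], m[3], q[1] if q else None)
        elif m := AV_FAIL.search(line):
            av_failed.add(m[1])
        elif m := ACCEPT.search(line):
            accepted.add(m[2])        # correlate on the postfix queue id
        elif m := REJECT.search(line):
            rejected[m[2]] = int(m[1])  # correlate on the amavis task id
    findings = []
    # Test case 1: unchecked content must be passed and accepted by the MTA.
    for task, (action, ccat, qid) in verdicts.items():
        if ccat.startswith("UNCHECKED") and (action != "Passed" or qid not in accepted):
            findings.append((task, "unchecked content was not delivered"))
    # Test case 2: if all AV scanners fail, the client must get a 4xx reply.
    for task in sorted(av_failed):
        if not 400 <= rejected.get(task, 0) < 500:
            findings.append((task, "scanner failure without temporary SMTP error"))
    return findings

if __name__ == "__main__":
    for task, finding in audit(SAMPLE_LOG):
        print(task, finding)
```
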
#7 Updated by Alessio Fattorini over 7 years ago
- Assignee deleted (Alessio Fattorini)
#8 Updated by Davide Principi over 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-mail-filter-1.1.6-1.ns6.noarch.rpm