[Rspamd-Users] Multimap filter "extension" does recognize .laf as .exe
Thomas Plant
thomas at plant.systems
Wed May 6 08:26:01 UTC 2020
Hello, need help on this.
I have a multimap to detect certain file extension and to block them:
file_name_blacklisted {
type = "filename";
filter = "extension";
symbol = "FILE_NAME_BLACKLISTED";
map = "${LOCAL_CONFDIR}/maps/filename.map";
description = "List of forbidden filename extensions.";
}
Which I later combine in a force_action.conf to whitelist some
recipients who want receive every junk comes in.
But this is not the problem, I think.
When I send the file with the following name:
AG200413-20200430 Frontansicht PWC V2.LAF
I get the symbol configured above "FILE_NAME_BLACKLISTED" and thus the
mail is rejected by the force_action rule.
FILE_NAME_BLACKLISTED(0.00){exe;}
The maps/filename.map does not contain this extension. Here is its content:
bat
cmd
com
cpl
exe
jar
js
jse
lnk
lnk
msi
msp
pif
ps1
ps1xml
ps2
ps2xml
psc1
psc2
reg
scf
scr
vb
vbe
vbs
ws
wsc
wsf
wsh
iso
Mime Type of the seems correct to me:
--------------B0C7E10E0252B01A3CCFAC2F
Content-Type: application/octet-stream;
name="AG200413-20200430 Frontansicht PWC V2.LAF"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="AG200413-20200430 Frontansicht PWC V2.LAF"
MjAwMyBMYWZlciBTLnIubCBGYXN0T25lIC0gZmlsZSBWZXJzaW9uID02MCAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
If anybody could help me shade some light on this.
Thanks,
Thomas
More information about the Users
mailing list