Subject: amavisd-new: Banned rule "Windows Class ID ext. - CLSID" side effect
Date: Mon, 16 Jul 2007 09:16:51 +0200
Package: amavisd-new
Version: 1:2.4.2-6.1
Severity: minor
Banned rule CLSID is enabled by default. Rule matchs mail with spam in
attachment. Problem is that rule match attachment with name "{Spam?}".
User1 mails to user2. Mail system marks valid mail as spam. User2 resent mail
in attachment to Administrator, but mail system block mail, bacause
match CLSID rule.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages amavisd-new depends on:
ii adduser 3.102 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
ii file 4.17-5etch1 Determines file type using "magic"
ii libarchive-tar-perl 1.30-2 Archive::Tar - manipulate tar file
ii libarchive-zip-perl 1.16-1 Module for manipulation of ZIP arc
ii libberkeleydb-perl 0.31-1 use Berkeley DB 4 databases from P
ii libcompress-zlib-perl 1.42-2 Perl module for creation and manip
ii libconvert-tnef-perl 0.17-5 Perl module to read TNEF files
ii libconvert-uulib-perl 1.06-1 Perl interface to the uulib librar
pn libdigest-md5-perl <none> (no description available)
ii libio-stringy-perl 2.110-2 Perl5 modules for IO from scalars
ii libmailtools-perl 1.74-1 Manipulate email in perl programs
pn libmime-base64-perl <none> (no description available)
ii libmime-perl 5.420-0.1 Perl5 modules for MIME-compliant m
ii libnet-server-perl 0.94-1 An extensible, general perl server
ii libunix-syslog-perl 0.100-5 Perl interface to the UNIX syslog(
ii perl [libtime-hires-perl] 5.8.8-7 Larry Wall's Practical Extraction
ii perl-modules [libnet-perl] 5.8.8-7 Core Perl modules
ii postfix [mail-transport-agen 2.3.8-2+b1 A high-performance mail transport
amavisd-new recommends no packages.
-- debconf information excluded
Subject: Re: Bug#433295: amavisd-new: Banned rule "Windows Class ID ext. -
CLSID" side effect
Date: Mon, 16 Jul 2007 12:13:19 -0300
On Mon, 16 Jul 2007, Polish wrote:
> Package: amavisd-new
> Version: 1:2.4.2-6.1
> Severity: minor
>
> Banned rule CLSID is enabled by default. Rule matchs mail with spam in
> attachment. Problem is that rule match attachment with name "{Spam?}".
>
> User1 mails to user2. Mail system marks valid mail as spam. User2 resent mail
> in attachment to Administrator, but mail system block mail, bacause
> match CLSID rule.
Would you take just documentation of this issue as a valid fix? I am
severely inclined to prefer blocking a big class of attacks on windows
platforms in amavisd-new over letting email with weird crap as an attachment
name...
I don't know if fixing the regex to require numbers after the '?' would work
well as a fix (we must not make it fail to match any CLSID attacks). Brian?
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Subject: Re: Bug#433295: amavisd-new: Banned rule "Windows Class ID ext. -
CLSID" side effect
Date: Mon, 16 Jul 2007 18:45:56 +0200 (CEST)
Hi all,
Yes or to advise use another marks for spam, we are using
{Spam?}, something else not be problematic.
Best regards Polish
--
**********************************************************
* starnem a porad nic, rozum jako kdyby se nam vyhybal *
**********************************************************
On Mon, 16 Jul 2007, Henrique de Moraes Holschuh wrote:
> On Mon, 16 Jul 2007, Polish wrote:
>> Package: amavisd-new
>> Version: 1:2.4.2-6.1
>> Severity: minor
>>
>> Banned rule CLSID is enabled by default. Rule matchs mail with spam in
>> attachment. Problem is that rule match attachment with name "{Spam?}".
>>
>> User1 mails to user2. Mail system marks valid mail as spam. User2 resent mail
>> in attachment to Administrator, but mail system block mail, bacause
>> match CLSID rule.
>
> Would you take just documentation of this issue as a valid fix? I am
> severely inclined to prefer blocking a big class of attacks on windows
> platforms in amavisd-new over letting email with weird crap as an attachment
> name...
>
> I don't know if fixing the regex to require numbers after the '?' would work
> well as a fix (we must not make it fail to match any CLSID attacks). Brian?
>
> --
> "One disk to rule them all, One disk to find them. One disk to bring
> them all and in the darkness grind them. In the Land of Redmond
> where the shadows lie." -- The Silicon Valley Tarot
> Henrique Holschuh
>
Acknowledgement sent
to "USPS Parcels Delivery" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Brian May <[email protected]>.
(Sun, 01 Jan 2017 13:18:02 GMT) (full text, mbox, link).
Dear Customer,
USPS courier was unable to contact you for your parcel delivery.
Review the document that is attached to this e-mail!
With sincere thanks,
Adrian Bird,
USPS Parcels Delivery Manager.
Acknowledgement sent
to "FedEx Support Management" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Brian May <[email protected]>.
(Wed, 04 Jan 2017 22:00:02 GMT) (full text, mbox, link).
Dear Customer,
Your item has arrived at the FedEx Post Office at January 04, but the courier was unable to deliver parcel to you.
Please check the attachment for complete details!
Kind thanks,
Salvador Ellis,
Station Manager.
Acknowledgement sent
to "USPS Delivery" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Brian May <[email protected]>.
(Thu, 05 Jan 2017 10:57:03 GMT) (full text, mbox, link).
Dear Customer,
We can not deliver your parcel arrived at January 03.
Please check the attachment for details!
Sincerely,
Don Hopkins,
USPS Chief Station Manager.
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.