https://bugzilla.redhat.com/show_bug.cgi?id=1029710
--- Comment #9 from Steve Tindall <s10dal(a)elrepo.org> ---
Hum. This just gets stranger.
To summarize, my amavisd.conf used on your system correctly identifies and
blocks a zipped exe attachment, but fails to quarantine and send notification.
On my system, it fails to identify the zipped exe attachment unless I either
place the system in permissive mode or use SELinux local policy defined in
Comment 1 to correct the issues.
Your suggestions sounded interesting, but changing $QUARANTINEDIR as suggested
results in the same failure. Here are three definitions I tried (followed by
successful amavisd restarts):
1) $QUARANTINEDIR = "/var/virusmails";
2) $QUARANTINEDIR = undef; # -Q
3) $QUARANTINEDIR = "/var/spool/amavisd/quarantine";
...where:
# ls -dZ /var/spool/amavisd/quarantine
drwx------. amavis amavis system_u:object_r:amavis_spool_t:s0 \
/var/spool/amavisd/quarantine
Definitions: #1 is my original, #2 is the default definition and #3 is a
variation of your suggestion, if I understood it correctly.
The maillog error I see using option #3 is:
amavis[11452]: (11452-02) (!)Decoding of p002 \
(Zip archive data, at least v1.0 to extract) failed, \
leaving it unpacked: do_7zip: can't get a list of \
archive members: exit 6; at (eval 117) line 781.
I also tried using the distribution default amavisd.conf with only $mydomain
and $myhostname defined/altered and it also fails to detect the zipped exe
attachment.
All four tests gave basically the same message (i.e., failed to extract).
This is really strange.
Try looking at your 7za contexts:
# ls -dZ $(which 7za)
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 \
/usr/bin/7za
Beyond that, I would need to think about this a while for new ideas.
In case it is relevant, the system I am using for these tests is a development
system configured with a mysql backend (PostfixAdmin) and mailman configured to
service two custom mail lists. It runs on 32-bit Scientific Linux 6 as a
virtual machine under KVM.
# cat /etc/redhat-release
Scientific Linux release 6.5 (Carbon)
# uname -rpmi
2.6.32-431.20.3.el6.i686 i686 i686 i386
# rpm -q postfix dovecot amavisd-new clamav clamd p7zip mailman
postfix-2.6.6-6.el6_5.i686
dovecot-2.0.9-7.el6_5.1.i686
amavisd-new-2.8.0-8.el6.noarch
clamav-0.98.4-1.el6.i686
clamd-0.98.4-1.el6.i686
p7zip-9.20.1-2.el6.i686
mailman-2.1.12-18.el6.i686
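Added example, not part of the bug comment or of amavisd-new: a small maillog scan for the "Decoding of ... failed, leaving it unpacked" error quoted above, which marks messages whose archive contents were never inspected. The syslog timestamp, the host name "mail" and the postfix line in the sample are constructed; the amavis line is the one from the comment.

```python
import re
from collections import Counter

# Matches the amavisd-new decode-failure line quoted in the comment.
DECODE_FAIL = re.compile(
    r"amavis\[(?P<pid>\d+)\]: \((?P<msg_id>[\w-]+)\) \(!\)Decoding of "
    r"(?P<part>\S+) \((?P<filetype>.*?)\) failed, leaving it unpacked: "
    r"(?P<decoder>\w+): (?P<reason>.*)"
)


def join_wrapped(text):
    """Rejoin log lines that were wrapped with a trailing backslash."""
    return re.sub(r"\s*\\\n\s*", " ", text)


def find_decode_failures(text):
    """Return one dict per mail part that amavisd left unpacked."""
    hits = []
    for line in join_wrapped(text).splitlines():
        m = DECODE_FAIL.search(line)
        if m:
            hits.append(m.groupdict())
    return hits


def failures_by_decoder(hits):
    """Count failures per decoder (e.g. do_7zip) to spot a broken helper."""
    return Counter(h["decoder"] for h in hits)


# Constructed sample: syslog prefix and the postfix line are made up;
# the amavis message text is the one quoted in the comment.
SAMPLE = """\
Jul 10 12:00:01 mail amavis[11452]: (11452-02) (!)Decoding of p002 \\
(Zip archive data, at least v1.0 to extract) failed, \\
leaving it unpacked: do_7zip: can't get a list of \\
archive members: exit 6; at (eval 117) line 781.
Jul 10 12:00:02 mail postfix/smtpd[2201]: connect from unknown[192.0.2.10]
"""

if __name__ == "__main__":
    found = find_decode_failures(SAMPLE)
    for h in found:
        print(f"{h['msg_id']} {h['part']} [{h['filetype']}] "
              f"{h['decoder']}: {h['reason']}")
    print(dict(failures_by_decoder(found)))
```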