https://bugzilla.redhat.com/show_bug.cgi?id=1029710
Juan Orti Alcaine <juan.orti(a)miceliux.com> changed:
What    |Removed    |Added
----------------------------------------------------------------------------
Flags   |           |needinfo?(s10dal(a)elrepo.org)
--- Comment #5 from Juan Orti Alcaine <juan.orti(a)miceliux.com> ---
(In reply to Steve Tindall from comment #4)
> On a macro level, I define the bug as amavisd failing to quarantine a mail
> with a zipped exe attachment under SELinux Enforcing Policy.
I'm also testing on the same SELinux policy version in enforced mode.
# rpm -q amavisd-new selinux-policy selinux-policy-targeted
amavisd-new-2.8.0-8.el6.noarch
selinux-policy-3.7.19-231.el6_5.3.noarch
selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
# semanage boolean -l |grep virus
antivirus_use_jit (off , off) Determine whether can antivirus programs use JIT compiler.
antivirus_can_scan_system (off , off) Allow antivirus programs to read non security files on a system
> By failure to reproduce the bug, do you mean that you created a zipped exe
> file (as detailed above in Description), attached it to a mail, sent the
> mail and observed the mail being quarantined/rejected under Enforcing Policy?
I have zipped a couple of exe files with the method you describe, and they are
correctly uncompressed and blocked.
> Also, the sender should get a rejection notice and a maillog entry
> containing "...Blocked BANNED (.asc,contains_zip.exe)..." or similar text
> should be present.
In my tests, the sender receives an informational email with the subject
"BANNED contents from you (...)"
> Yes, localamavisd is local SELinux policy described in Comment 1 that allows
> 7za to be called by amavisd. With localamavisd installed under Enforcing
> Policy, mail with a zipped exe attachment is quarantined, whereas with
> localamavisd removed, the mail is transmitted without being quarantined.
My amavis configuration is almost identical to stock, could you attach yours?
Could you test removing the localamavisd module and relabeling your system?
# semodule -r localamavisd
# touch /.autorelabel
# reboot