[Bug 1029710] Amavisd fails to identify attached zipped files with .exe extensions

bugzilla at redhat.com bugzilla at redhat.com
Tue Jul 1 23:13:17 UTC 2014 

https://bugzilla.redhat.com/show_bug.cgi?id=1029710

Steve Tindall <s10dal at elrepo.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(s10dal at elrepo.org |
                   |)                           |



--- Comment #4 from Steve Tindall <s10dal at elrepo.org> ---
The initial "Description" (see above) may cause some confusion as to what bug I
am describing. Initially, I did not recognize the failure of amavisd to run 7za
as a SELinux denial and then in Comment 1 described the avc denial issues
causing the failure of 7za to list the contents of the zipped file.

On a macro level, I define the bug as amavisd failing to quarantine a mail with
a zipped exe attachment under SELinux Enforcing Policy.

By failure to reproduce the bug, do you mean that you created a zipped exe file
(as detailed above in Description), attached it to a mail, sent the mail and
observed the mail being quarantined/rejected under Enforcing Policy?

Also, the sender should get a rejection notice and a maillog entry containing
"...Blocked BANNED (.asc,contains_zip.exe)..." or similar text should be
present.


Yes, localamavisd is local SELinux policy described in Comment 1 that allows
7za to be called by amavisd. With localamavisd installed under Enforcing
Policy, mail with a zipped exe attachment is quarantined, whereas with
localamavisd removed, the mail is transmitted without being quarantined.


Other info:

# rpm -q amavisd-new p7zip selinux-policy selinux-policy-targeted
amavisd-new-2.8.0-8.el6.noarch
p7zip-9.20.1-2.el6.i686
selinux-policy-3.7.19-231.el6_5.3.noarch
selinux-policy-targeted-3.7.19-231.el6_5.3.noarch

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=LPumoHKEuP&a=cc_unsubscribe

More information about the perl-devel mailing list