Hello,
I have a rule that's removing attachments when they're detected as "dangerous". The rule triggers on "what objects" with various content type filters, archive filters and match filename.
When an attachment is removed, it logs something like this:
Code:
Dec 2 23:32:33 mailgw pmg-smtp-filter[433494]: E0A4A692FBD547D9BA: found archive 'some-file-name.pptx' (application/zip)
Dec 2 23:32:34 mailgw pmg-smtp-filter[433494]: E0A4A692FBD547D9BA: unpack archive 'some-file-name.pptx' done (321 ms)
Dec 2 23:32:35 mailgw pmg-smtp-filter[433494]: E0A4A692FBD547D9BA: SA score=0/5 time=1.038 bayes=0.00 autolearn=ham autolearn_force=no hits=ARC_SIGNED(0.001),ARC_VALID(0.001),AWL(0.057),BAYES_00(-1.9),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DMARC_PASS(-0.1),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),KAM_UNSUB1(0.1),RCVD_IN_DNSWL_LOW(-0.7),RCVD_IN_VALIDITY_CERTIFIED_BLOCKED(0.001),RCVD_IN_VALIDITY_RPBL_BLOCKED(0.001),RCVD_IN_VALIDITY_SAFE_BLOCKED(0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)
Dec 2 23:32:35 mailgw pmg-smtp-filter[433494]: E0A4A692FBD547D9BA: removed attachment 7 ('some-file-name.pptx', rule: Bloque les fichiers dangereux)
The logging doesn't give me any hint about why it's blocked. The PowerPoint attachment is not classified as dangerous (filename, mimetype is allowed). I guess something inside the archive triggered the blocking, but I have no way to tell. Is it logged somewhere else?
I'm still currently using release 8.2.6, not upgraded to 9.x yet!
Thanks.