1 (edited by gabriel 2014-08-05 21:54:43)

Topic: Banned Contents Alert .xlsx and .docx

======== Required information ====
- iRedMail Pro version: v1.8.2
- Store email accounts in which backend (LDAP / MySQL / PGSQL): MySQL
- Linux / BSD distribution name and version: CentOS 6.5 x86_64 on Centos v6.5
====

I'm having a problem sending email with .xlsx or .docx attachments, or even a .zip file compressed on Mac OS.

The error messages I get are:

BANNED CONTENTS ALERT

Our content checker found
banned name: docProps

and

BANNED CONTENTS ALERT

Our content checker found
banned name: __MACOSX

Delivery of the email was stopped!

The message has been blocked because it contains a component
(as a MIME part or nested within) with declared name
or MIME type or contents type violating our access policy.

To transfer contents that may be considered risky or unwanted
by site policies, or simply too large for mailing, please consider
publishing your content on the web, and only sending an URL of the
document to the recipient.

Depending on the recipient and sender site policies, with a little
effort it might still be possible to send any contents (including
viruses) using one of the following methods:

- encrypted using pgp, gpg or other encryption methods;

- wrapped in a password-protected or scrambled container or archive
(e.g.: zip -e, arj -g, arc g, rar -p, or other methods)

Note that if the contents is not intended to be secret, the
encryption key or password may be included in the same message
for recipient's convenience.

We are sorry for inconvenience if the contents was not malicious.

The purpose of these restrictions is to cut the most common propagation
methods used by viruses and other malware. These often exploit automatic
mechanisms and security holes in more popular mail readers (Microsoft
mail readers and browsers are a common target). By requiring an explicit
and decisive action from the recipient to decode mail, the danger of
automatic malware propagation is largely reduced.

The amavisd.conf configuration is as follows:

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
# $bypass_decode_parts = 1;         # controls running of decoders & dearchivers

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = 'amavis';    # (no default; customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default; customary: vscan or amavis), -g

$mydomain = "domain";    # = "example.com";   # a convenient default for other settings

$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = "/var/spool/amavisd/quarantine";
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
# $release_format = 'resend';     # 'attach', 'plain', 'resend'
# $report_format  = 'arf';        # 'attach', 'plain', 'resend', 'arf'

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R

$db_home   = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
# $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
$lock_file = "/var/run/amavisd/amavisd.lock";  # -L
$pid_file  = "/var/run/amavisd/amavisd.pid";   # -P
# NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$do_syslog = 1;              # logging via syslogd (preferred)
$syslog_facility = 'mail';   # syslog facility as a string
            # e.g.: mail, daemon, user, local0, ... local7

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
# $enable_zmq = 1;           # enable use of ZeroMQ (SNMP and nanny)
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key

@local_domains_maps = 1;

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname

$inet_socket_port = [10024, 9998];
# $inet_socket_port = [10024, 9998];

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # do not query p0f for internal clients
  allow_disclaimers => 1,  # enables disclaimer insertion if available
};

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # do not remove NOTIFY=SUCCESS option
};

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # applies only with $unix_socketname

# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require the secret_id for amavisd-release
};

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which the DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # do not waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

$sa_mail_body_size_limit = 400*1024; # do not waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
# @storage_redis_dsn = ( {server=>'127.0.0.1:6379', db_id=>1} );
# $redis_logging_key = 'amavis-log';
# $redis_logging_queue_size_limit = 300000;  # about 250 MB / 100000

# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

$virus_admin = undef;                # notifications recip.

$mailfrom_notify_admin = undef;      # notifications sender
$mailfrom_notify_recip = undef;      # notifications sender
$mailfrom_notify_spamadmin = undef;  # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 3000;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 500*1024*1024;  # bytes (default undef, not enforced)

$sa_spam_subject_tag = '*** SPAM ***';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 0;  # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents categories:
$defang_by_ccat{CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{CC_BADH.",6"} = 1;  # header field syntax error

# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
# $final_spam_destiny       = D_DISCARD;  #!  D_DISCARD / D_REJECT
# $final_bad_header_destiny = D_BOUNCE;
# $bad_header_quarantine_method = undef;

# $os_fingerprint_method = 'p0f:*:2345';  # to query p0f-analyzer.pl

## hierarchy by which the final setting is chosen:
##   policy bank (based on port or IP address) -> *_by_ccat
##   *_by_ccat (based on mail contents) -> *_maps
##   *_maps (based on recipient address) -> final configuration value


# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam


# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',                # let virus scanner see full original message
  qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # do not trust Archive::Zip
));


$banned_filename_re = new_RE(

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
qr'^\.(exe-ms|dll)$',    # banned file(1) types, rudimentary

qr'^\.(exe|zip|lha|tnef)$'i,

qr'.\.(exe|vbs|pif|scr|cpl|dll|ade|adp|app|asp|bas|bat|cer|chm|cmd|com|cpl|crt|csh|der|exe|fxp|gadget|hlp|hta|inf|ins|isp|its|js|jse|ksh|lnk|mad|maf|mag|mam|maq|mar|mas|mat|mau|mav|maw|mda|mdb|mde|mdt|mdw|mdz|mp3|msc|msh|msh1|msh2|mshxml|msh1xml|msh2xml|msi|msp|mst|ops|pcd|pif|plg|prf|prg|pst|reg|scf|scr|sct|shb|shs|ps1|ps1xml|ps2|ps2xml|psc1|psc2|tmp|url|vb|vbe|vbs|vsmacros|vsw|ws|wsc|wsf|wsh|xnk)$'i,


# qr'^\.(exe|lha|cab|dll)$',              # banned file(1) types

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
# qr'^\.zip$',                            # block zip type

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives

  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i,         # RFC2046 MIME type
# qr'^message/external-body$'i,   # RFC2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
# qr'^\.wmf$',                            # Windows Metafile file(1) type

  # block certain double extensions in filenames
  qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

# qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
  qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
         inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|
         msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd|
         wmf|wsc|wsf|wsh)$'ix,                # banned extensions - long
# qr'.\.(asd|asf|asx|url|vcs|wmd|wmz)$'i,     # consider also
# qr'.\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
# qr'^\.ani$',                            # banned animated cursor file(1) type
# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables (NOTE: positive: black, negative: white)
# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com' => [{'.ebay.com' => -3.0}],
# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,
#                          '.cleargreen.com' => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

    { # a hash-type lookup table (associative array)
      'nobody@cert.org' => -3.0, 
      'cert-advisory@us-cert.gov' => -3.0, 
      'owner-alert@iss.net' => -3.0, 
      'slashdot@slashdot.org' => -3.0, 
      'securityfocus.com' => -3.0, 
      'ntbugtraq@listserv.ntbugtraq.com' => -3.0, 
      'security-alerts@linuxsecurity.com' => -3.0, 
      'mailman-announce-admin@python.org' => -3.0, 
      'amavis-user-admin@lists.sourceforge.net' => -3.0, 
      'amavis-user-bounces@lists.sourceforge.net' => -3.0, 
      'spamassassin.apache.org' => -3.0, 
      'notification-return@lists.sophos.com' => -3.0, 
      'owner-postfix-users@postfix.org' => -3.0, 
      'owner-postfix-announce@postfix.org' => -3.0, 
      'owner-sendmail-announce@lists.sendmail.org' => -3.0, 
      'sendmail-announce-request@lists.sendmail.org' => -3.0, 
      'donotreply@sendmail.org' => -3.0, 
      'ca+envelope@sendmail.org' => -3.0,
      'noreply@freshmeat.net' => -3.0, 
      'owner-technews@postel.acm.org' => -3.0, 
      'ietf-123-owner@loki.ietf.org' => -3.0, 
      'cvs-commits-list-admin@gnome.org' => -3.0, 
      'rt-users-admin@lists.fsck.com' => -3.0, 
      'clp-request@comp.nus.edu.sg' => -3.0, 
      'surveys-errors@lists.nua.ie' => -3.0, 
      'emailnews@genomeweb.com' => -5.0, 
      'yahoo-dev-null@yahoo-inc.com' => -3.0, 
      'returns.groups.yahoo.com' => -3.0, 
      'clusternews@linuxnetworx.com' => -3.0, 
      lc ('lvs-users-admin@LinuxVirtualServer.org') => -3.0, 
      lc ('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, 

      # soft-blacklisting (positive score)
      'sender@example.net' => 3.0,
      '.example.net' => 1.0,

    },
   ],  # end of site-wide tables
});


@decoders = (
  ['mail', \&do_mime_decode],
# [[qw(asc uue ync hqx)], \&do_ascii],  # not safe
  ['F',    \&do_uncompress, ['unfreeze', 'freeze -d', 'melt', 'fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress', 'gzip -d', 'zcat'] ],
  ['gz',   \&do_uncompress, 'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress, 'bzip2 -d'],
  ['xz',   \&do_uncompress,
           ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ],
  ['lzma', \&do_uncompress,
           ['lzmadec', 'xz -dc --format=lzma',
            'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ],
  ['lrz',  \&do_uncompress,
           ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ],
  ['lzo',  \&do_uncompress, 'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl', 'rpm2cpio'] ],
  [['cpio','tar'], \&do_pax_cpio, ['pax', 'gcpio', 'cpio'] ],
           # ['/usr/local/heirloom/usr/5bin/pax', 'pax', 'gcpio', 'cpio']
  ['deb',  \&do_ar, 'ar'],
# ['a',    \&do_ar, 'ar'],  # unpacking .a seems an overkill
  ['rar',  \&do_unrar, ['unrar', 'rar'] ],
  ['arj',  \&do_unarj, ['unarj', 'arj'] ],
  ['arc',  \&do_arc,   ['nomarch', 'arc'] ],
  ['zoo',  \&do_zoo,   ['zoo', 'unzoo'] ],
# ['doc',  \&do_ole,   'ripole'],  # no ripole package so far
  ['cab',  \&do_cabextract, 'cabextract'],
# ['tnef', \&do_tnef_ext, 'tnef'],  # use internal do_tnef() instead
  ['tnef', \&do_tnef],
# ['lha',  \&do_lha,   'lha'],  # not safe, use 7z instead
# ['sit',  \&do_unstuff, 'unstuff'],  # not safe
  [['zip','kmz'], \&do_7zip,  ['7za', '7z'] ],
  [['zip','kmz'], \&do_unzip],
  ['7z',   \&do_7zip,  ['7zr', '7za', '7z'] ],
  [[qw(zip 7z tar gz bz2 Z)],
           \&do_7zip,  ['7za', '7z'] ],
  [[qw(xz lzma jar cpio lha arj rar swf iso cab deb rpm)],
           \&do_7zip,  '7z' ],
  ['exe',  \&do_executable, ['unrar','rar'], 'lha', ['unarj','arj'] ],
);
$sa_debug = 0;
# Set hostname.
$myhostname = "domain";

# Set listen IP/PORT.
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';

# Set default action.
# Available actions: D_PASS, D_BOUNCE, D_REJECT, D_DISCARD.
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

@av_scanners = (

    #### http://www.clamav.net/
    ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

@av_scanners_backup = (

    ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
    ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

# This policy will perform virus checks only.
#$interface_policy{'10026'} = 'VIRUSONLY';
#$policy_bank{'VIRUSONLY'} = {  # mail from the pickup daemon
#    bypass_spam_checks_maps   => [1],  # do not spam-check this mail
#    bypass_banned_checks_maps => [1],  # do not banned-check this mail
#    bypass_header_checks_maps => [1],  # do not header-check this mail
#};

# Allow SASL authenticated users to bypass scanning. Typically SASL
# users already submit messages to the submission port (587) or the
# smtps port (465):
#$interface_policy{'10026'} = 'SASLBYPASS';
#$policy_bank{'SASLBYPASS'} = {  # mail from submission and smtps ports
#    bypass_spam_checks_maps   => [1],  # do not spam-check this mail
#    bypass_banned_checks_maps => [1],  # do not banned-check this mail
#    bypass_header_checks_maps => [1],  # do not header-check this mail
#};

# Applies to mail coming from internal networks or authenticated
# roaming users.
# mail supposedly originating from our users
$policy_bank{'MYUSERS'} = {
    # declare that mail was submitted by our smtp client
    originating => 1,

    # enables disclaimer insertion if available
    allow_disclaimers => 1,

    # notify administrator of locally originating malware
    virus_admin_maps => ["root\@$mydomain"],
    spam_admin_maps  => ["root\@$mydomain"],

    # forward to a smtpd service providing DKIM signing service
    #forward_method => 'smtp:[127.0.0.1]:10027',

    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],

    # do not remove NOTIFY=SUCCESS option
    terminate_dsn_on_notify_success => 0,

    # do not perform spam/virus/header check.
    #bypass_spam_checks_maps => [1],
    #bypass_virus_checks_maps => [1],
    #bypass_header_checks_maps => [1],

    # allow sending any file names and types
    #bypass_banned_checks_maps => [1],

    # Quarantine clean messages
    #clean_quarantine_method => 'sql',
    #final_destiny_by_ccat => {CC_CLEAN, D_DISCARD},
};

# regular incoming mail, originating from anywhere (usually from outside)
#$policy_bank{'EXT'} = {
#  # just use global settings, no special overrides
#};

#
# Port used to release quarantined mails.
#
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',  # select Amavis policy delegation protocol
    inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict access to these IP addresses
    auth_required_release => 1,  # 0 - do not require secret_id for amavisd-release
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};

#########################
# Quarantine mails.
#

# Do not quarantine emails with bad header.
$bad_header_quarantine_method = undef;

# Quarantine SPAM.
# Where to store quarantined mail message:
#   - 'local:spam-%m-%i', quarantine mail on the local file system.
#   - 'sql:', quarantine mail in SQL server specified in @storage_sql_dsn.
#   - undef, do not quarantine the mail.
$spam_quarantine_method = undef;
#$spam_quarantine_method = 'sql';
#$spam_quarantine_to = 'spam-quarantine';

#########################
# Quarantine VIRUS mails.
#
#$virus_quarantine_to = 'virus-quarantine';
#$virus_quarantine_method = 'sql';

#########################
# Quarantine BANNED mails.
#
$banned_files_quarantine_method = undef;
# Or quarantine banned mail to SQL server.
#$banned_files_quarantine_method = 'sql';
#$banned_quarantine_to = 'banned-quarantine';

#########################
# Quarantine CLEAN mails.
# Do not forget to enable clean quarantine in policy bank 'MYUSERS'.
#
#$clean_quarantine_method = 'sql';
#$clean_quarantine_to = 'clean-quarantine';

# Modify email subject, add '$sa_spam_subject_tag'.
#   0: disable
#   1: enable
$sa_spam_modifies_subj = 1;

# remove existing headers
#$remove_existing_x_scanned_headers = 0;
#$remove_existing_spam_headers = 0;

# Leave empty (undef) to add no header.
# Modify the /usr/sbin/amavisd or /usr/sbin/amavisd-new file to customize the header in:
#
#   sub add_forwarding_header_edits_per_recip
#
#$X_HEADER_TAG = 'X-Virus-Scanned';
#$X_HEADER_LINE = "by amavisd at $myhostname";

# Notify virus sender?
#$warnvirussender = 0;

# Notify spam sender?
#$warnspamsender = 0;

# Notify sender of banned files?
$warnbannedsender = 0;

# Notify sender of syntactically invalid header containing non-ASCII characters?
$warnbadhsender = 0;

# Notify virus (or banned files) RECIPIENT?
# (not very useful, but some policies demand it)
$warnvirusrecip = 0;
$warnbannedrecip = 0;

# Also notify non-local virus/banned recipients if $warn*recip is true?
# (including those not matching local_domains*)
$warn_offsite = 0;

#$notify_sender_templ       = read_text('/var/amavis/notify_sender.txt');
#$notify_virus_sender_templ = read_text('/var/amavis/notify_virus_sender.txt');
#$notify_virus_admin_templ  = read_text('/var/amavis/notify_virus_admin.txt');
#$notify_virus_recips_templ = read_text('/var/amavis/notify_virus_recips.txt');
#$notify_spam_sender_templ  = read_text('/var/amavis/notify_spam_sender.txt');
#$notify_spam_admin_templ   = read_text('/var/amavis/notify_spam_admin.txt');

$sql_allow_8bit_address = 1;
$timestamp_fmt_mysql = 1;

# a string to prepend to Subject (for local recipients only) if mail could
# not be decoded or checked entirely, e.g. due to password-protected archives
#$undecipherable_subject_tag = '*** UNCHECKED ***';  # undef disables it
$undecipherable_subject_tag = undef;
# Hope to fix 'nested MAIL command' issue on high server load.
$smtp_connection_cache_enable = 0;

# The default set of header fields to be signed can be controlled
# by setting %signed_header_fields elements to true (to sign) or
# to false (not to sign). Keys must be in lowercase, e.g.:
# 0 -> off
# 1 -> on
$signed_header_fields{'received'} = 0;
$signed_header_fields{'to'} = 1;

# Make sure it signs all inbound emails, avoid error log like this:
# 'dkim: not signing inbound mail'.
$originating = 1;

# Add dkim_key here.
dkim_key("gafernandes.com.br", "dkim", "/var/lib/dkim/gafernandes.com.br.pem");
dkim_key("clarotemtudo.com.br", "dkim", "/var/lib/dkim/clarotemtudo.com.br.pem");


# Note that signing mail for subdomains with a key of the parent
# domain is treated by recipients as a third-party key, which
# may 'hold less merit' in their eyes. If one has a choice,
# it is better to publish a key for each domain (e.g. host1.a.cn)
# if mail is really coming from it. Sharing a pem file
# for multiple domains may be acceptable, so you do not need
# to generate a different key for each subdomain, but you
# do need to publish it in each subdomain. It is probably
# easier to avoid sending addresses like host1.a.cn and
# always use the parent domain (a.cn) in 'From:', thus
# avoiding the issue altogether.
#dkim_key("host1.gafernandes.com.br", "dkim", "/var/lib/dkim/gafernandes.com.br.pem");
#dkim_key("host3.gafernandes.com.br", "dkim", "/var/lib/dkim/gafernandes.com.br.pem");

# Add new dkim_key for other domain.
#dkim_key('Your_New_Domain_Name', 'dkim', 'Your_New_Pem_File');

@dkim_signature_options_bysender_maps = ({
    # ------------------------------------
    # For domain: gafernandes.com.br.
    # ------------------------------------
    # 'd' defaults to the domain of an author/sender address,
    # 's' defaults to whatever selector is offered by the matching key

    #'postmaster@gafernandes.com.br' => { d => "gafernandes.com.br", a => 'rsa-sha256', ttl => 7*24*3600 },
    #"spam-reporter@gafernandes.com.br" => { d => "gafernandes.com.br", a => 'rsa-sha256', ttl => 7*24*3600 },

    # explicit 'd' forces a third-party signature on foreign (hosted) domains
    "gafernandes.com.br" => { d => "gafernandes.com.br", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host1.gafernandes.com.br" => { d => "host1.gafernandes.com.br", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host2.gafernandes.com.br" => { d => "host2.gafernandes.com.br", a => 'rsa-sha256', ttl => 10*24*3600 },
    # ---- End domain: gafernandes.com.br ----

    # catchall defaults
    '.' => { a => 'rsa-sha256', c => 'relaxed/simple', ttl => 30*24*3600 },
});
# ------------ Disclaimer Setting ---------------
# Uncomment this line to enable signing disclaimer in outgoing emails.
#$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

# Program used for signing disclaimer in outgoing emails.
$altermime = '/usr/bin/altermime';

# Disclaimer in plain text format.
@altermime_args_disclaimer = qw(--disclaimer=/etc/postfix/disclaimer/_OPTION_.txt --disclaimer-html=/etc/postfix/disclaimer/_OPTION_.txt --force-for-bad-html);

@disclaimer_options_bysender_maps = ({
    # Per-domain disclaimer setting: /etc/postfix/disclaimer/host1.iredmail.org.txt
    #'host1.iredmail.org' => 'host1.iredmail.org',

    # Sub-domain disclaimer setting: /etc/postfix/disclaimer/iredmail.org.txt
    #'.iredmail.org' => 'iredmail.org',

    # Per-user disclaimer setting: /etc/postfix/disclaimer/boss.iredmail.org.txt
    #'boss@iredmail.org' => 'boss.iredmail.org',

    # Catch-all disclaimer setting: /etc/postfix/disclaimer/default.txt
    '.' => 'default',
});
# ------------ End Disclaimer Setting ---------------
@storage_sql_dsn = (
    ['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', 'W0lw7uci37hAOUYgVDYBwZfrxR4Vmz'],
);
# Uncomment below two lines to lookup virtual mail domains from MySQL database.
#@lookup_sql_dsn = (
#    ['DBI:mysql:database=vmail;host=127.0.0.1;port=3306', 'vmail', '35kJPNFQxIF7qOI2Fd9Hxzna2rKUse'],
#);
# For Amavisd-new-2.7.0 and later versions. Placeholder '%d' is available in Amavisd-2.7.0+.
#$sql_select_policy = "SELECT domain FROM domain WHERE domain='%d'";

# For Amavisd-new-2.6.x.
# WARNING: IN() may cause MySQL lookup performance issue.
#$sql_select_policy = "SELECT domain FROM domain WHERE CONCAT('@', domain) IN (%k)";
delete $admin_maps_by_ccat{&CC_UNCHECKED};

# Num of pre-forked children.
# WARNING: it must match (equal to or larger than) the number set in
# /etc/postfix/master.cf "maxproc" column for the 'smtp-amavis' service.
$max_servers = 10;

1;  # insure a defined return

I searched the forum and the internet for some way to unblock these file types but found nothing.
Could anyone help me?

Very grateful.

2

Re: Banned Contents Alert .xlsx and .docx

All banned file names are defined in the parameter "$banned_filename_re". Please find the entry that matches the banned name, and remove it or comment it out.
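
One way to carry out the search the reply describes, as an added example that is not part of the thread or of amavisd-new: the script replays the active entries of the posted `$banned_filename_re` against the attributes of a message part and reports which entry decides. The rule labels, helper names and sample attachments are constructed, and the walk (outermost part first, first matching entry wins, a `=> 0` entry allows and stops) is a simplified model of how amavisd evaluates the list.

```python
import re

ZIP_RULE = "file(1) type exe/zip/lha/tnef"

# Active entries of $banned_filename_re as read from the posted config, in file
# order. (label, regex, verdict): True bans, False is the "[ qr'..' => 0 ]" form.
RULES = [
    ("file(1) type exe-ms/dll", re.compile(r"^\.(exe-ms|dll)$"), True),
    (ZIP_RULE, re.compile(r"^\.(exe|zip|lha|tnef)$", re.I), True),
    ("extension list (one-line)", re.compile(
        r".\.(exe|vbs|pif|scr|cpl|dll|ade|adp|app|asp|bas|bat|cer|chm|cmd|com|cpl"
        r"|crt|csh|der|exe|fxp|gadget|hlp|hta|inf|ins|isp|its|js|jse|ksh|lnk|mad"
        r"|maf|mag|mam|maq|mar|mas|mat|mau|mav|maw|mda|mdb|mde|mdt|mdw|mdz|mp3|msc"
        r"|msh|msh1|msh2|mshxml|msh1xml|msh2xml|msi|msp|mst|ops|pcd|pif|plg|prf"
        r"|prg|pst|reg|scf|scr|sct|shb|shs|ps1|ps1xml|ps2|ps2xml|psc1|psc2|tmp"
        r"|url|vb|vbe|vbs|vsmacros|vsw|ws|wsc|wsf|wsh|xnk)$", re.I), True),
    ("allow inside rpm/cpio/tar", re.compile(r"^\.(rpm|cpio|tar)$"), False),
    ("extension pif/scr", re.compile(r".\.(pif|scr)$", re.I), True),
    ("MIME x-msdownload", re.compile(r"^application/x-msdownload$", re.I), True),
    ("MIME x-msdos-program", re.compile(r"^application/x-msdos-program$", re.I), True),
    ("MIME hta", re.compile(r"^application/hta$", re.I), True),
    ("double extension", re.compile(
        r"^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*"
        r"(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$", re.I), True),
    ("extension list (long)", re.compile(
        r".\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|inf"
        r"|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|msp|mst|ocx"
        r"|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd|wmf|wsc|wsf"
        r"|wsh)$", re.I), True),
]


def first_verdict(parts, rules=RULES):
    """Return (verdict, rule label, matched attribute) for the first hit, or None.

    parts lists the message parts from the outermost container to the leaf;
    each part is a list of attribute strings: the file(1) short type with a
    leading dot, the MIME type and the declared name.
    """
    for attrs in parts:
        for attr in attrs:
            for label, rx, verdict in rules:
                if rx.search(attr):
                    return verdict, label, attr
    return None


def without(label, rules=RULES):
    """The rule list with one entry commented out."""
    return [r for r in rules if r[0] != label]


# Constructed samples: an Office document and a Mac-made archive are both zip
# containers, so their outermost part carries the short type ".zip".
DOCX = [[".zip",
         "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
         "report.docx"],
        [".asc", "docProps/app.xml"]]
MAC_ZIP = [[".zip", "application/zip", "photos.zip"],
           [".dat", "__MACOSX/._photo.jpg"]]
TAR = [[".tar", "application/x-tar", "backup.tar"], [".exe", "setup.exe"]]
BAT = [[".asc", "text/plain", "run.bat"]]

if __name__ == "__main__":
    for name, sample in (("docx", DOCX), ("mac zip", MAC_ZIP),
                         ("tar", TAR), ("bat", BAT)):
        print(name, "->", first_verdict(sample))
    print("docx, zip rule disabled ->", first_verdict(DOCX, without(ZIP_RULE)))
```

Disabling one entry changes the verdict for every message that relied on it, so rerun the script on the attachment types that must stay blocked before editing the live file.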