[Bug 1029710] Amavisd fails to identify attached zipped files with .exe extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1029710

Juan Orti Alcaine <juan.orti@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(s10dal@xxxxxxxxxx
                   |                            |)



--- Comment #5 from Juan Orti Alcaine <juan.orti@xxxxxxxxxxxx> ---
(In reply to Steve Tindall from comment #4)
> On a macro level, I define the bug as amavisd failing to quarantine a mail
> with a zipped exe attachment under SELinux Enforcing Policy.

I'm also testing on the same SELinux policy version in enforced mode.

# rpm -q amavisd-new selinux-policy selinux-policy-targeted
amavisd-new-2.8.0-8.el6.noarch
selinux-policy-3.7.19-231.el6_5.3.noarch
selinux-policy-targeted-3.7.19-231.el6_5.3.noarch

# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

# semanage boolean -l |grep virus
antivirus_use_jit              (off  ,  off)  Determine whether can antivirus
programs use JIT compiler.
antivirus_can_scan_system      (off  ,  off)  Allow antivirus programs to read
non security files on a system

> By failure to reproduce the bug, do you mean that you created a zipped exe
> file (as detailed above in Description), attached it to a mail, sent the
> mail and observed the mail being quarantined/rejected under Enforcing Policy?

I have zipped a couple of exe files with the method you describe, and they are
correctly uncompressed and blocked.

> 
> Also, the sender should get a rejection notice and a maillog entry
> containing "...Blocked BANNED (.asc,contains_zip.exe)..." or similar text
> should be present.

In my tests, the sender receives an informational email with the subject
"BANNED contents from you (...)"

> Yes, localamavisd is local SELinux policy described in Comment 1 that allows
> 7za to be called by amavisd. With localamavisd installed under Enforcing
> Policy, mail with a zipped exe attachment is quarantined, whereas with
> localamavisd removed, the mail is transmitted without being quarantined.

My amavis configuration is almost identical to stock, could you attach yours?
Could you test removing the localamavisd module and relabeling your system?

# semodule -r localamavisd
# touch /.autorelabel
# reboot
