All I want to do is block zip files

As I have seen on that site, there are a lot of av programs that can’t detect this virus.
Maybe in a couple of days all of them will detect this virus.

Why are you so angry at NS when the virus also passed the other filters that you have?

And, like Alessio said, why are you angry with those who try to help you?
Maybe all of them (us) have had a busy or a bad day and are still trying to help those who need help.

Now, my interpretation of that, is quite funny. lol!

It is a bug in the template

I am not angry with NS, I don’t expect NS to block the file as a virus, I do expect NS to block the file as a zip or exe.

I am not angry, you are not reading what I post.

If those of you who believe I am angry or rude actually read my exchanges with Filippo, you should be able to understand that I am not angry and am not trying to be rude.

Regardless, I am now being dog-piled because everyone has taken offence.
And, now this thread is no longer about figuring out why NS isn’t blocking zips.

It is time for me to have lunch and see about creating another Custom Template.

Hmmmm… now I wonder if you’re serious and my interpretation was off, I should have another look.

Hey guys, we’re all friends here … My post was just a reminder… So go ahead and try to find the problem :wink:

OH MY GOD
ALL IS BROKEN @giacomo @filippo_carletti
so in TEMPLATE we edit /etc/amavisd.conf
due to /etc/e-smith/templates/etc/amavisd.conf

but the real config of amavisd is in:

/etc/amavisd/amavisd.conf

SO
any part of Email -> Filter - does not apply
:slight_smile:

so in /etc/init.d/amavisd
change prog_config_file="/etc/amavisd/amavisd.conf"
to prog_config_file="/etc/amavisd.conf"

run service amavisd restart

@fasttech - try to implement it; we look forward to the result

@Nas Ahhhh… I’ve made no changes yet. I tried to use that same file to pre-test for before and after, so after bypassing the gateway av, now NS Clam rejects it as a virus. I need a clean zip. grrrrr…

Sep 2 13:15:01 server9b amavis[10728]: (10728-07) Blocked INFECTED (Sanesecurity.Rogue.0hr.20150902-1354.UNOFFICIAL) {RejectedInbound,Quarantined}, [0.0.0.0]:42468 [0.0.0.0] email@email.com -> email2@email2.com, Message-ID: ff364a4d91f33d40662c2fa2250d69db@eamil2.com, mail_id: neuy0lagDJUd, Hits: -, size: 26274, 2500 ms
Sep 2 13:15:01 server9b transfer/smtpd[11155]: proxy-reject: END-OF-MESSAGE: 554 5.7.0 Reject, id=10728-07 - INFECTED: Sanesecurity.Rogue.0hr.20150902-1354.UNOFFICIAL; from=email@email.com to=email2@email2.com proto=ESMTP helo=<email.domain.net>

So I don’t understand, some parts of amavis, Email > Filter, work and some parts of it do not?

Certainly those two configs are different, vastly, etc/amavisd/amavisd.conf looks proper, etc/amavisd.conf looks sparse, but I am unfamiliar with what’s correct.

It’s going to take me time to verify this and I can’t spend anymore on it today, especially since this is a production server. Perhaps tomorrow.

It is rejected for infection, not by the Amavis zip filter

show cat /etc/init.d/amavisd | grep amavisd.conf

ahhh, you responded too fast for my edit.

prog_config_file="/etc/amavisd/amavisd.conf"

edit it to :
prog_config_file="/etc/amavisd.conf"

then run :
service amavisd restart

I will, but not today, I can no longer spend time on this, must move on to other fires, and this is production so I must implement snapshots and controls before any changes.

Thank you.

Make it today pls, it is 1 min to do it and we close the ticket, or I should do research on it

https://github.com/NethServer/nethserver-mail-common/blob/master/root/etc/e-smith/templates/etc/sysconfig/amavisd/10base

Yep, but it does not affect the amavisd service. I have checked it already; try to make changes in /etc/amavisd.conf like $log_level = 5 and run service amavisd restart, then check /var/log/maillog
:slight_smile:

So, because of @filippo_carletti’s previous post about his setup example, I simply enabled Email > Filter > Custom List and added zip to the field.

log…

Sep 2 15:41:52 server9b amavis[12661]: (12661-01) Blocked BANNED (CLASS Arch:application/zip,.zip,Harber GroupKkeo0.zip)

This is the rejection msg to the sending email account.

SMTP error from remote mail server after end of data:
    host email.com [0.0.0.0]: 554 5.7.0 Reject, id=12661-01 - BANNED:
    CLASS Arch:application/zip,.zip,Harber GroupKkeo0.zip

and now…

[root@server9b ~]# config show amavisd

amavisd=service
AdminNotificationStatus=disabled
AvailableDecoders=mail,asc,uue,hqx,ync,F,Z,gz,bz2,lzo,rpm,cpio,tar,deb,zip,7z,rar,arj,arc,zoo,lha,doc,cab,tnef,exe
BlockAttachmentClassList=Exec,Arch
BlockAttachmentCustomList=zip
BlockAttachmentCustomStatus=enabled
BlockAttachmentStatus=enabled
EnabledDecoders=mail,asc,uue,hqx,ync,F,Z,gz,bz2,lzo,rpm,cpio,tar,deb,zip,7z,rar,arj,arc,zoo,lha,doc,cab,tnef,exe
MaxProcesses=4
RecipientWhiteList=
SenderBlackList=
SenderWhiteList=
SpamCheckStatus=disabled
SpamDsnLevel=20
SpamKillLevel=15.0
SpamSubjectPrefixStatus=disabled
SpamSubjectPrefixString=SPAM
SpamTag2Level=5.0
SpamTagLevel=2.0
TCPPorts=
VirusCheckStatus=enabled
status=enabled

So, this NS install is now blocking zips.

But, should not zip be part of Email > Filter > Archive?

Is this list perhaps not being applied? I have only tested a zip file.

I have not applied the proposed config file change per Nas yet.

And, to apologize to @Jim, @GG_jr and @Nas, though I was referring to email attachments, apparently everyone thought I was referring to web downloads and the only thing in my post that would make it clear I was asking about email was the log entry.

2 Likes
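
Added example, not part of the original thread: the two rejects quoted above carry different verdicts (INFECTED from the virus scanner, BANNED from the attachment rules), and only a BANNED line shows the zip filter acting. The function names and the sample lines are constructed for illustration, and the log layout is assumed to match the lines quoted in the thread.

```bash
#!/usr/bin/env bash
# Tell virus-scanner rejects apart from attachment-filter rejects in maillog.

# Constructed sample, modelled on the log lines quoted in the thread
# (fields shortened; the "Passed CLEAN" line is invented for contrast).
sample_log() {
cat <<'EOF'
Sep 2 13:15:01 server9b amavis[10728]: (10728-07) Blocked INFECTED (Sanesecurity.Rogue.0hr.20150902-1354.UNOFFICIAL) {RejectedInbound,Quarantined}, [0.0.0.0]:42468 [0.0.0.0] email@email.com -> email2@email2.com
Sep 2 13:15:01 server9b transfer/smtpd[11155]: proxy-reject: END-OF-MESSAGE: 554 5.7.0 Reject, id=10728-07 - INFECTED
Sep 2 15:41:52 server9b amavis[12661]: (12661-01) Blocked BANNED (CLASS Arch:application/zip,.zip,Harber GroupKkeo0.zip)
Sep 2 15:50:10 server9b amavis[12661]: (12661-02) Passed CLEAN {RelayedInbound}, [0.0.0.0]:42470 [0.0.0.0] email@email.com -> email2@email2.com
EOF
}

# Print "id|verdict|detail" for each amavis verdict line on stdin.
# Lines from other daemons (e.g. the smtpd proxy-reject) are skipped.
parse_amavis() {
  sed -nE 's/^.* amavis\[[0-9]+\]: \(([0-9-]+)\) (Blocked|Passed) ([A-Z-]+)( \(([^)]*)\))?.*$/\1|\2 \3|\5/p'
}

# Verdict recorded for one amavis id, e.g. "Blocked BANNED".
verdict_for() {
  parse_amavis | awk -F'|' -v id="$1" '$1 == id { v = $2 } END { if (v != "") print v }'
}

# Banned-file rule that matched for one id (empty if it was not a BANNED reject).
banned_rule_for() {
  parse_amavis | awk -F'|' -v id="$1" '$1 == id && $2 == "Blocked BANNED" { print $3 }'
}

# Succeeds only when the id was stopped by the attachment rules.
# An INFECTED reject says nothing about whether the zip filter is active.
proves_attachment_filter() {
  [ "$(verdict_for "$1")" = "Blocked BANNED" ]
}

# Demo on the constructed sample.
sample_log | parse_amavis
```

On a live system the input would be /var/log/maillog, for example `proves_attachment_filter 12661-01 < /var/log/maillog`.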