From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dominik Csapak To: pmg-devel@lists.proxmox.com Date: Mon, 7 Mar 2022 11:07:33 +0100 Message-Id: <20220307100733.2092889-1-d.csapak@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.153 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pmg-devel] [PATCH pmg-api] fix duplicate 'x-ms-dos-executable' in default 'Dangerous Content' object X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Mar 2022 10:08:06 -0000 it was in there twice. Fixes also the testdb.txt test (there it can be seen that there is still an entry with the same filter) Signed-off-by: Dominik Csapak --- src/PMG/DBTools.pm | 2 -- src/tests/testdb.txt | 57 ++++++++++++++++++++++---------------------- 2 files changed, 28 insertions(+), 31 deletions(-) diff --git a/src/PMG/DBTools.pm b/src/PMG/DBTools.pm index d53711f..bd35d2c 100644 --- a/src/PMG/DBTools.pm +++ b/src/PMG/DBTools.pm @@ -674,8 +674,6 @@ sub init_ruledb { $ruledb->group_add_object($exe_content, $obj); $obj = PMG::RuleDB::ContentTypeFilter->new('application/x-executable'); $ruledb->group_add_object($exe_content, $obj); - $obj = PMG::RuleDB::ContentTypeFilter->new('application/x-ms-dos-executable'); - $ruledb->group_add_object($exe_content, $obj); $obj = PMG::RuleDB::ContentTypeFilter->new('message/partial'); $ruledb->group_add_object($exe_content, $obj); $obj = PMG::RuleDB::MatchFilename->new('.*\.(vbs|pif|lnk|shs|shb)'); diff --git a/src/tests/testdb.txt b/src/tests/testdb.txt index dc08df8..794aa15 100644 --- a/src/tests/testdb.txt +++ b/src/tests/testdb.txt 
@@ -2,35 +2,34 @@ Found RULE 4: Blacklist FOUND FROM GROUP 1: Blacklist OBJECT 1: nomail@fromthisdomain.com FOUND ACTION GROUP 17: Block - OBJECT 31: block message + OBJECT 30: block message Found RULE 2: Block Viruses FOUND WHAT GROUP 8: Virus - OBJECT 22: active + OBJECT 21: active FOUND ACTION GROUP 17: Block - OBJECT 31: block message + OBJECT 30: block message FOUND ACTION GROUP 19: Notify Admin - OBJECT 33: notify __ADMIN__ + OBJECT 32: notify __ADMIN__ Found RULE 3: Virus Alert FOUND WHAT GROUP 8: Virus - OBJECT 22: active + OBJECT 21: active FOUND ACTION GROUP 17: Block - OBJECT 31: block message + OBJECT 30: block message FOUND ACTION GROUP 19: Notify Admin - OBJECT 33: notify __ADMIN__ + OBJECT 32: notify __ADMIN__ FOUND ACTION GROUP 20: Notify Sender - OBJECT 34: notify __SENDER__ + OBJECT 33: notify __SENDER__ Found RULE 1: Block Dangerous Files FOUND WHAT GROUP 7: Dangerous Content OBJECT 16: content-type=application/javascript OBJECT 17: content-type=application/x-executable OBJECT 15: content-type=application/x-java OBJECT 14: content-type=application/x-ms-dos-executable - OBJECT 18: content-type=application/x-ms-dos-executable - OBJECT 19: content-type=message/partial - OBJECT 20: filename=.*\.(vbs|pif|lnk|shs|shb) - OBJECT 21: filename=.*\.\{.+\} + OBJECT 18: content-type=message/partial + OBJECT 19: filename=.*\.(vbs|pif|lnk|shs|shb) + OBJECT 20: filename=.*\.\{.+\} FOUND ACTION GROUP 14: Remove attachments - OBJECT 28: remove matching attachments + OBJECT 27: remove matching attachments Found RULE 12: Quarantine Office Files FOUND WHAT GROUP 6: Office Files OBJECT 9: content-type=application/msword 
@@ -41,46 +40,46 @@ Found RULE 12: Quarantine Office Files OBJECT 12: content-type=application/vnd\.stardivision\..* OBJECT 13: content-type=application/vnd\.sun\.xml\..* FOUND ACTION GROUP 22: Attachment Quarantine (remove matching) - OBJECT 36: remove matching attachments + OBJECT 35: remove matching attachments Found RULE 11: Block Multimedia Files FOUND WHAT GROUP 5: Multimedia OBJECT 5: content-type=audio/.* OBJECT 6: content-type=video/.* FOUND ACTION GROUP 14: Remove attachments - OBJECT 28: remove matching attachments + OBJECT 27: remove matching attachments Found RULE 5: Whitelist FOUND FROM GROUP 2: Whitelist OBJECT 2: mail@fromthisdomain.com FOUND ACTION GROUP 16: Accept - OBJECT 30: accept message + OBJECT 29: accept message Found RULE 8: Block Spam (Level 10) FOUND WHAT GROUP 11: Spam (Level 10) - OBJECT 25: Level 10 + OBJECT 24: Level 10 FOUND ACTION GROUP 17: Block - OBJECT 31: block message + OBJECT 30: block message Found RULE 7: Quarantine/Mark Spam (Level 5) FOUND WHAT GROUP 10: Spam (Level 5) - OBJECT 24: Level 5 + OBJECT 23: Level 5 FOUND ACTION GROUP 13: Modify Spam Subject - OBJECT 27: modify field: subject:SPAM: __SUBJECT__ + OBJECT 26: modify field: subject:SPAM: __SUBJECT__ FOUND ACTION GROUP 18: Quarantine - OBJECT 32: Move to quarantine. + OBJECT 31: Move to quarantine. 
Found RULE 6: Mark Spam FOUND WHAT GROUP 11: Spam (Level 10) - OBJECT 25: Level 10 + OBJECT 24: Level 10 FOUND ACTION GROUP 12: Modify Spam Level - OBJECT 26: modify field: X-SPAM-LEVEL:__SPAM_INFO__ + OBJECT 25: modify field: X-SPAM-LEVEL:__SPAM_INFO__ FOUND ACTION GROUP 13: Modify Spam Subject - OBJECT 27: modify field: subject:SPAM: __SUBJECT__ + OBJECT 26: modify field: subject:SPAM: __SUBJECT__ Found RULE 9: Block outgoing Spam FOUND WHAT GROUP 9: Spam (Level 3) - OBJECT 23: Level 3 + OBJECT 22: Level 3 FOUND ACTION GROUP 17: Block - OBJECT 31: block message + OBJECT 30: block message FOUND ACTION GROUP 19: Notify Admin - OBJECT 33: notify __ADMIN__ + OBJECT 32: notify __ADMIN__ FOUND ACTION GROUP 20: Notify Sender - OBJECT 34: notify __SENDER__ + OBJECT 33: notify __SENDER__ Found RULE 10: Add Disclaimer FOUND ACTION GROUP 21: Disclaimer - OBJECT 35: disclaimer + OBJECT 34: disclaimer -- 2.30.2
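Review bot: In src/PMG/DBTools.pm the removed lines sit inside init_ruledb, so as far as this hunk shows the fix only changes the defaults written when a rule database is initialised; nothing in the patch touches a database that was already created with the second 'application/x-ms-dos-executable' object in the 'Dangerous Content' group. If existing installations should lose the duplicate as well, that needs a separate upgrade step. If leaving them alone is intended, because the extra object matches the same content type as the one that stays, the commit message should say so.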
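Review bot: In src/tests/testdb.txt the only substantive change is the dropped line 'OBJECT 18: content-type=application/x-ms-dos-executable' under 'Dangerous Content' in the @@ -2,35 +2,34 @@ hunk; every other changed line in both hunks is an object ID shifting down by one. The commit message would be easier to check against the test if it named OBJECT 14 as the entry that remains. The expected output is also tied to the numeric object IDs, so any later change to the default objects will rewrite most of this file again; a short remark on that in the commit message or near the test would help whoever next reviews a diff like this one.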