How can I manage what attachments are banned using Warden?

Banned Rules

In Amavis banned rules are controlled by the $banned_filename_re option in the Amavis config file:

  1. On Centos/RHEL/CloudLinux/AlmaLinux the option is located in the config file at /etc/amavisd/amavisd.conf.
  2. On Debian/Ubuntu the the option is located at in the config file /etc/amavis/conf.d/20-debian_defaults.

Adding Custom Banned Rules

Administrators can also override the default banned rules from within the Warden interface:

  1. Navigate to Warden -> Settings -> Content Filter Settings -> Scanner Settings -> select the Banned rule template to add example entries to the Banned rules option.
  2. Press the Update button to save your changes. Any added banned rules will be available at the server, domain, and mailbox level under their policy.

Banned Rules

Add the Banned Rules to the Policy

Now the administrator can set the added banned rules at the server wide, domain or mailbox level under their policy (Server wide example: Settings -> Policy Settings -> File Filter -> Banned rules). In this example we added the ALLOW_MS_OFFICE rule to allow Microsoft Office documents server wide. Remember that content filter policies are hierarchical so all child policies will have these banned rules applied unless they are set at the child level.

Banned Rules

Rule Examples

Rule names should only contain letters, numbers, and underscores. Multiple banned rules can be added (comma separated) but the total length of all the rule names should not exceed 64 chars (The Amavis database table char limit).

To allow Microsoft office documents:

'ALLOW_MS_OFFICE' => new_RE([qr'.\.(doc|docx|xls|xlsx|ppt|pptx)$'i => 0])

To deny compressed archives:

'BLOCK_COMPRESS' => new_RE([qr'.\.(zip|7z|gz|bz2|tar|rar)$'i => 1])

The default rule contains the global banned rules from the Amavis config and should normally not be removed:

'DEFAULT' => $banned_filename_re

Adding Multiple Rules

Multiple rules are separated by commas. To allow Microsoft office documents and deny compressed archives:

'ALLOW_MS_OFFICE' => new_RE([qr'.\.(doc|docx|xls|xlsx|ppt|pptx)$'i => 0]), 'BLOCK_COMPRESS' => new_RE([qr'.\.(zip|7z|gz|bz2|tar|rar)$'i => 1]), 'DEFAULT' => $banned_filename_re

Using the Command Line

Remember that single quotes need to be properly escaped when passing options using the CLI:

// add the rule ALLOW_MS_OFFICE rule
warden --task=contentfilter:scanner --banned_rules=''\''ALLOW_MS_OFFICE'\'' => new_RE([qr'\''.\.(doc|docx|xls|xlsx|ppt|pptx)$'\''i => 0]), '\''DEFAULT'\'' => $banned_filename_re'

// enable it for the server wide policy
warden --task=contentfilter:policy --banned_rulenames=ALLOW_MS_OFFICE --reload=yes
  • banned, attachments, files
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How can I change the interface language of the extension?

You can change the interface language under Settings -> Application Settings -> Locale...

How can I disable admin email notifications in Amavis?

Amavis has different default options for controlling where virus, spam, banned file attachments,...

How can I whitelist or blacklist a mail server from greylisting?

To Whitelist a Mail Server From Greylisting Navigate to Warden -> Settings ->...

How can I enable third party anti-virus signatures within Warden to improve the ClamAV detection rate?

Warden supports enabling third party anti-virus signatures to improve the detection rate. These...

How can I setup a local caching DNS resolver to speed up DNS queries used by Amavis?

Run the following command to check if local DNS caching is enabled: host -tTXT...