Until an official method for extending blocking to inside attachments is supported, I just uncommented one of the blocks in /opt/zimbra/conf/amavisd.conf.in for $banned_filename_re:
qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
This lets the normal Zimbra attachment blocking work while also using the blocking in amavisd-new (which DOES support blocking files inside of archives) to specifically ban those above extensions within archives. I tried sending the very same emails that were sneaking through and the logs show it being blocked now specifically due to the embedded .exe.
I also added:
$final_banned_destiny = D_DISCARD;
To prevent backscatter since the default in amavisd-new is D_BOUNCE.
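As an added example (not part of the original post and not amavisd-new code), this Python sketch applies a translation of the same $banned_filename_re rule to names inside zip archives, so a rule change can be previewed against sample attachments before deploying it. The helper names, the recursion cap and the sample archives are assumptions constructed for illustration, and only zip is handled.

```python
import io
import re
import zipfile

# Python translation of the amavisd.conf rule quoted in the post.
BANNED_RE = re.compile(r'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$', re.IGNORECASE)
MAX_DEPTH = 3  # assumption: cap recursion so nested archives cannot loop forever


def banned_members(name, data, depth=0):
    """Return the path of every part (top-level or archived) whose name is banned."""
    hits = []
    if BANNED_RE.search(name):
        hits.append(name)
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Recurse so a banned name inside a nested archive is still found.
                inner = banned_members(info.filename, zf.read(info), depth + 1)
                hits.extend(f"{name}/{h}" for h in inner)
    return hits


def make_zip(members):
    """Build an in-memory zip from a {name: bytes} dict (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, only the names matter.
INNER = make_zip({"docs/readme.txt": b"hello", "Setup.EXE": b"placeholder"})
OUTER = make_zip({"invoice.pdf": b"placeholder", "files.zip": INNER})
CLEAN = make_zip({"report.docx": b"placeholder", "notes.exe.txt": b"placeholder"})

if __name__ == "__main__":
    for label, blob in (("outer.zip", OUTER), ("clean.zip", CLEAN)):
        print(label, banned_members(label, blob) or "no banned names")
```

A name such as notes.exe.txt is not matched because the rule is anchored at the end of the filename, which is worth knowing when reading the amavisd logs for a message that was expected to be blocked.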