Attachments with denied extensions aren't being blocked

Mike Kercher mike at CAMAROSS.NET
Tue Apr 27 06:36:25 IST 2004


Is it possible that you have sendmail running in addition to MailScanner?
Which AV product are you using and which version?

Mike



________________________________

        From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
On Behalf Of David Pollard
        Sent: Tuesday, April 27, 2004 12:19 AM
        To: MAILSCANNER at JISCMAIL.AC.UK
        Subject: Attachments with denied extensions aren't being blocked



        Hi There,

        I am having problems with denying file attachments of specified
types getting past my MailScanner.

        They are getting blocked further down the track but I would like my
front line of defence to catch them.



        I first noticed this when the Netsky virus was getting through
(.pif) but following some testing I realised that ALL files with denied
attachments aren't being blocked.

        I tried .bat, .pif and .exe and they all got blocked by Outlook and
not my MailScanner.



        I checked my filename.rules.conf file and it looks good.

        Just in case I had something wrong with the file I typed the .pif
line again but that didn't help.



        I check my MailScanner.conf file and it seems to specify the
filename.rules.conf file correctly.



        I have made very few changes to these files from the defaults.



        I'm (almost) sure this used to work and I haven't touched the
configuration for ages.



        I also notice that no new viruses have been added to my quarantine
area for about a month and a half.

        My workstation antivirus software has been blocking NETSKY variants
lately.



        On Red Hat Linux Version 9



        I'm running   MailScanner version

        MailScanner E-Mail Virus Scanner version 4.25-13 starting...





        I have added the -r flag to Syslog as specified in the doco and
restarted the syslog daemon but a ps still looks like this.

        root      4561     1  0 13:02 ?        00:00:00 syslogd -m 0



        I'm not sure of the correct syntax to add this?

        SYSLOGD_OPTIONS="-r -m 0"



        The above message is the only MailScanner message I see in my logs.



        Any ideas on what could be going on here?

        I'll attach my config files or send them directly if that are likely
to be of any use.



        -------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk For further info
about MailScanner, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
For further info about MailScanner, please see the Most Asked
Questions at    http://www.mailscanner.biz/maq/     and the archives
at    http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list