Attachments with denied extensions aren't being blocked
Mike Kercher
mike at CAMAROSS.NET
Tue Apr 27 06:36:25 IST 2004
Is it possible that you have sendmail running in addition to MailScanner?
Which AV product are you using and which version?
Mike
________________________________
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
On Behalf Of David Pollard
Sent: Tuesday, April 27, 2004 12:19 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Attachments with denied extensions aren't being blocked
Hi There,
I am having problems with denying file attachments of specified
types getting past my MailScanner.
They are getting blocked further down the track but I would like my
front line of defence to catch them.
I first noticed this when the Netsky virus was getting through
(.pif) but following some testing I realised that ALL files with denied
attachments aren't being blocked.
I tried .bat, .pif and .exe and they all got blocked by Outlook and
not my MailScanner.
I checked my filename.rules.conf file and it looks good.
Just in case I had something wrong with the file I typed the .pif
line again but that didn't help.
I check my MailScanner.conf file and it seems to specify the
filename.rules.conf file correctly.
I have made very few changes to these files from the defaults.
I'm (almost) sure this used to work and I haven't touched the
configuration for ages.
I also notice that no new viruses have been added to my quarantine
area for about a month and a half.
My workstation antivirus software has been blocking NETSKY variants
lately.
On Red Hat Linux Version 9
I'm running MailScanner version
MailScanner E-Mail Virus Scanner version 4.25-13 starting...
I have added the -r flag to Syslog as specified in the doco and
restarted the syslog daemon but a ps still looks like this.
root 4561 1 0 13:02 ? 00:00:00 syslogd -m 0
I'm not sure of the correct syntax to add this?
SYSLOGD_OPTIONS="-r -m 0"
The above message is the only MailScanner message I see in my logs.
Any ideas on what could be going on here?
I'll attach my config files or send them directly if that are likely
to be of any use.
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk For further info
about MailScanner, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
For further info about MailScanner, please see the Most Asked
Questions at http://www.mailscanner.biz/maq/ and the archives
at http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list