ZIP file attachments passing through MS 4.35.9 unscanned
Adri Koppes
adrik at SALESMANAGER.NL
Tue Dec 21 12:51:30 GMT 2004
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
> -----Original Message-----
> From: Mike [mailto:michael at NOMENNESCIO.NET]
> Sent: 21 December, 2004 13:38
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: ZIP file attachments passing through MS 4.35.9 unscanned
>
>
> > From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Behalf Of Adri Koppes
> >
> > Recently I have noticed some people bypassing the contents
> scanning of
> Zip
> > file attachments.
> > When a message contains a .zip file attachment, renamed to .txt,
> > MailScanner does not seems to detect the presence of the zip file,
> despite > the setting of 'Find Archives By Content = yes' in the
> MailScanner.conf > file. Examing the message, the zip file
> is attached
> as follows:
> >
> > Has anyone else noticed this problem? It is real easy to pass
> executables
> > and other mallicious content.
>
> Use this option in MailScanner.conf: "File Command = /usr/bin/file".
I already have that set and verified it's working. For instance MPEG's and
AVI's are blocked regardless of the attached filename.
Adri
>
> Mike.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list