blocking %00 / %01 exploits with mailscanner?
Jan-Peter Koopmann
Jan-Peter.Koopmann at SECEIDOS.DE
Tue Jan 20 00:03:06 GMT 2004
> According to the mcp documentation
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/
>
> It implies mcp is only applied to outbound email, not incoming.
You either tell MailScanner to treat all mails (e.g. Virus Scanning =
yes) or you use rulesets (e.g. Virus Scanning =
/usr/local/etc/MailScanner/rules/virus.scanning.rules). Unless you
create a ruleset like
From: yourdomain at com yes
FromOrTo: default no
which would do what you understood, MCP can/will of course work on
inbound mail as well.
> "The point of Message Content Protection (MCP) is to allow
> you to write rules for scanning the text content of email
> messages so you can trap messages that contain certain
> numbers of keywords and/or phrases that you don't want
> leaving your company."
> ^^^^^^^^^^^^^^^^^^^^
>
> If this is not the case, then the documentation for MCP is
> worded badly :-/
Out of context: Agreed. Within the MailScanner context and with
knowledge of how MailScanner works: No. From my point of view that
passage is crystal clear. :-)
Do yourself a favour: Simply try it!
Regards,
JP
More information about the MailScanner
mailing list