I need to tweak filename rules
Rick Cooper
rcooper at DIMENSION-FLM.COM
Tue Jan 27 13:15:02 GMT 2004
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Chris Yuzik
> Sent: Tuesday, January 27, 2004 12:33 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: I need to tweak filename rules
>
>
> Mike Kercher wrote:
>
> >Look at the very last rule in
> /etc/MailScanner/filename.rules.conf
> >
> ># Deny all other double file extensions. This catches
> any hidden filenames.
> >allow \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found
> possible filename
> >hiding
> >
> >Note: I have changed mine to ALLOW these and not deny
> them. Make sure you
> >reload MailScanner after altering this file.
> >
> >
> Mike,
>
> OK, that should be interesting.
>
> But what about this, which is commented in the top few
> lines of the file?
>
> # Due to a bug in Outlook Express, you can make the
> 2nd from last extension
> # be what is used to run the file.
>
You could use a file rule like (watch the wrap)
deny
(?:(?:(?:\.exe|\.pif|\.com|\.vb[es]|\.cmd|\.bat|\.scr|\.chm)).*?\
.doc$) report user report
And add whatever \.ext| you want to block within the inner
brackets, however since MailScanner checks files based on type as
well some of the listed extensions are redundant. I tested a copy
of notepad.exe named notepad.exe.doc and another notepad.ddd.doc
and MailScanner stopped both as unacceptable file types. I turned
off the file type checking and MailScanner stopped
notepad.exe.doc with the file name rules.
I have used this rule for a while because we have several vendors
that send file names like northstore.may2004.stats.xls (I pass
.xls and .doc files on the same rule). Trying to tell a Ford
Motor Company corporate employee how to format their file names
is like trying to tell God a rabbit's ears are too long.
If you use the regex above make sure you place an explicit allow
\.doc$ just below the deny above, both should go above the allow
section.
> So, would that mean that OE might actually run
> "somebadfile.exe.doc" as
> an exe? If that's the case, then perhaps overriding
> the rule isn't a
> good idea.
>
The big thing with OE (which I believe has been fixed now) was
naming a file something like badthing.doc.exe and, if you have
"hide known file types" enabled all you would see would be
"badthing" and the icon would be of type .doc (MS stopped
checking type for display after the first "." in the file name).
I believe they no longer execute a file based on it's actual mime
type anymore either (except from the command console) so (and I
tested this) a file named notepad.exe.doc is opened by Word (or
Open Office).
> Any thoughts?
>
> Cheers,
> Chris
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
More information about the MailScanner
mailing list