Newbie! Whitelisting Newsletter

Julian Field mailscanner at ecs.soton.ac.uk
Wed Nov 10 20:59:32 GMT 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Andy Norris wrote:

> Thanks Julian,
>
> The warning attachment says:
>
> ----------------------------------------------------------------------
> The original e-mail message contained potentially dangerous content,
> which has been removed for your safety.
>
> The content is dangerous as it is often used to spread viruses or to gain
> personal or confidential information from you, such as passwords or
> credit
> card numbers.
>
> At Wed Nov 10 13:00:56 2004 the content filters said:
>    Found a form in HTML message

In which case, as others have already suggested, I would set
Allow Form Tags = disarm
This is very simple and just breaks the form so it doesn't work any
more. "disarm" isn't a bad idea for any of those settings (the ones that
say you can use "disarm") as it still lets the message through, just
with the nasty bits broken.

> The book covers this topic in depth? I'll buy it straightaway.

It gives a very good description of all the configuration options and
talks about rulesets. I have posted the contents list here before, it
will be in the archive somewhere.

> At 02:13 pm 2004-11-10, you wrote:
>
>> You first need to work out which check(s) you want to disable for these
>> newsletters. What does the warning attachment actually say for one of
>> these newsletters? That should give you the answer to that one.
>>
>> Then you should go and read about rulesets. Almost all of the
>> configuration options can be given the filename of a ruleset instead of
>> just a simple value. The rules in the ruleset file describe what value
>> should be used for that configuration option depending on where the
>> message came from or is going to (or both, or a few other things too).
>> You can have different rulesets for every configuration option, which
>> can be used to build extremely complex configurations for large and
>> diverse sites.
>>
>> There is no such thing as a simple global "whitelist", the configuration
>> system is far more flexible than that.
>>
>> There is documentation in /etc/MailScanner/rules, and in the MAQ
>> (location at the bottom of every list posting), and in the FAQ (on
>> www.mailscanner.info) and in the book (which you can purchase directly
>> from www.mailscanner.info). There have also been numerous discussions
>> and examples of rulesets posted to this list in the past.
>>
>> Hopefully that's enough to get you going.
>>
>> Andy Norris wrote:
>>
>>> Hi,
>>>
>>> Apologies if this is old hat, but could not get much in searching the
>>> archives for "virus whitelist newsletter".
>>>
>>> I am running MailScanner on a RedHat server running SpamAssassin. I
>>> have
>>> users who have subscribed to HTML newsletters, and I am needing to
>>> whitelist these newsletters from being flagged as viruses. Am using
>>> ClamAV...
>>>
>>> Where is the whitelist file, and how to get MailScanner to honor the
>>> entries in said file?
>>>
>>> Thanks very much in advance,
>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).




More information about the MailScanner mailing list