Dangerous Content Scanning inconsistancies

Alan mailscanner at ELKNET.NET
Mon Apr 4 18:28:05 IST 2005


Julian,

1) In the MailScanner.conf comments for Dangerous Content Scanning, you
mention that setting it to 'no' will disable all content checks except for
"Virus Scanning, Allow Partial Messages and Allow External Message Bodies".
Unless you do not consider the 'Phishing' test to be one of the 'Dangerous
Content' checks, I think it should be added to the list of what is not
disabled. I use a ruleset for both Virus scanning and Dangerous Content
Scanning so that my customers can request to be removed from filtering.
Today I had one of these customers report that they were still getting the
Phishing edits done to their messages, even though they were set to a 'no'
in the Dangerous Content Scanning ruleset. It was easily fixed by pointing
the test for Phishing to the same ruleset, but it would have been nice to
have known earlier via the comments that it was one of the tests that was
not disabled in the Dangerous Content Scanning setting.

2) Along these lines, I have a feature request for the two settings:
  "Allow Partial Messages =" and "Allow External Message Bodies ="

These two settings use the reverse logic of the other settings, such as
"Dangerous Content Scanning", "Find Phishing Fraud", "Virus Scanning". Each
of these settings referrs to testing for something bad, and if you want to
allow one of these bad things by not looking for it, you set the config to a
'no', typically by using a ruleset.

However, "Allow Partial Messages =" and "Allow External Message Bodies ="
refer to 'allowing' something bad rather than 'testing', so if you want to
allow one of these bad things to happen, you have to set it to a 'yes'.

My point is that I can't use a single ruleset, I have to use two, each being
the opposite of the other. If I have a customer, say 'jdoe at acme.com' who
does not wish to be filtered, I have to put his address in one ruleset with
his address set to 'no' for virus, content, and phishing checks, and then
also put him in a second ruleset with his address set to 'yes' for 'Partial
messages' and 'external message bodies.

I then have to maintain two ruleset files.

If "Allow Partial Messages =" and "Allow External Message Bodies =" were
changed to perhaps "Partial Message Scanning" and "External Message Body
Scanning", we could then use the same logic and rulesets as we do for the
other settings; the 'yes' would become a 'no'.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list