Denying attachments

Bahadir Kiziltan b_kiziltan at HOTMAIL.COM
Wed Dec 14 15:42:02 GMT 2005


Yes, I know all clean :-).

>why not let SA handle them: set a huge spamscore on a rule
>guaranteed to match them?

This is what i give it a try.

Thanks.


>From: Glenn Steen <glenn.steen at GMAIL.COM>
>Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Denying attachments
>Date: Wed, 14 Dec 2005 15:19:21 +0100
>
>On 14/12/05, Bahadir Kiziltan <b_kiziltan at hotmail.com> wrote:
> > No, they're changed somehow before arriving to my MS.
>
>As one could suspect. This means that the files are actually harmless
>text files. Kind of pointless, to boot, but there it is... You're
>"suffering" for someone elses dumbness:-).
>
> > "Silent Viruses" directive has already been set as you suggested.
>
>Since they're not viruses, this doesn't come into play.
>
> > Can MS replace the infected files with the text content?
>
>As said. Not really viruses;).
>
>What you can do is either use postfix (via a body check, consult the
>anti-UCE stuff at http://www.postfix.org) to drop the mails entirely,
>or ... why not let SA handle them: set a huge spamscore on a rule
>guaranteed to match them?
>
> > >From: Julian Field <MailScanner at ECS.SOTON.AC.UK>
> > >Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> > >To: MAILSCANNER at JISCMAIL.AC.UK
> > >Subject: Re: Denying attachments
> > >Date: Tue, 13 Dec 2005 17:24:50 +0000
> > >
> > >Is it your MailScanner replacing the viruses with the text files, or
> > >someone else's earlier in the mail path?
> > >If it's your one doing it, then you probably just want to make sure you
> > >have
> > >Silent Viruses = All-Viruses
> > >so that virus-infected messages are just quietly dropped.
> > >
> > >Bahadir Kiziltan wrote:
> > >
> > >>Hi,
> > >>
> > >>Using MailScanner version 4.47.4 with postfix, bitdefender, clamav and
> > >>spam enabled on Fedora Core 4 box. Also monitoring and reporting via
> > >>MailWatch. The results are incredible, at least for us.
> > >>
> > >>I have a minor issue in denying files attached to mail messages. All 
>the
> > >>files mentioned have zip extension sized below 1KB but actually 
>they're
> > >>text files with the following more or less the similar content.
> > >>
> > >>------
> > >>Your attachment "mailtext.zip" contained viruses:
> > >>         "W32.Sober.X at mm!zip",
> > >>         and "W32.Sober.X at mm" at location "File-packed_dataInfo.exe
> > >>It was deleted and replaced with this text file.
> > >>------
> > >>
> > >>------
> > >>Your attachment "downloadm.zip" contained viruses:
> > >>         "W32.Sober.X at mm!zip",
> > >>         and "W32.Sober.X at mm" at location "File-packed_dataInfo.exe
> > >>It was deleted and replaced with this text file.
> > >>------
> > >>
> > >>According to the maillog, such attachment comes to the MTA as is. 
>Sure,
> > >>not modified by MailScanner.
> > >>
> > >>Set the directive "Minimum Attachment Size" to 1024, they are all 
>denied
> > >>successfully but also with the "delivered and read" confirmation 
>messages.
> > >>
> > >>What do you recommend in order to deny such file(s) more effectively?
> > >>
> > >>Thanks.
> > >>Bahadir.
> > >>
> > >>------------------------ MailScanner list ------------------------
> > >>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > >>'leave mailscanner' in the body of the email.
> > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >>
> > >>Support MailScanner development - buy the book off the website!
> > >
> > >
> > >--
> > >Julian Field
> > >www.MailScanner.info
> > >Buy the MailScanner book at www.MailScanner.info/store
> > >Professional Support Services at www.MailScanner.biz
> > >MailScanner thanks transtec Computers for their support
> > >
> > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >
> > >
> > >--
> > >This message has been scanned for viruses and
> > >dangerous content by MailScanner, and is
> > >believed to be clean.
> > >
> > >------------------------ MailScanner list ------------------------
> > >To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > >'leave mailscanner' in the body of the email.
> > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > >Support MailScanner development - buy the book off the website!
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
>
>
>--
>-- Glenn
>email: glenn < dot > steen < at > gmail < dot > com
>work: glenn < dot > steen < at > ap1 < dot > se
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list