releasing from quarantine
Rabie van der Merwe
rabie at CT.DDSECURITY.CO.ZA
Wed May 4 22:52:57 IST 2005
Hi Jeremy,
I also had issues with releasing mail, here is what I did and posted to the
group:
Regards
Rabie
----snip----
Thanks to all, it works. Herewith all the changes that were required for
MailScanner 4.39. Also, to make this more foolproof, one could add an 'AND
From: quarantine at mydomain.com' to the 'From: 127.0.0.1' (or whatever the
email address is of the sender of the quarantine process), and should do this
if you have users on the local box who send mail.
Changes to MailScanner.conf:
Virus Scanning = %rules-dir%/virus.scan.rules
Dangerous Content Scanning = %rules-dir%/dangerous.content.scan.rules
Filename Rules = %rules-dir%/filename.rules
Filetype Rules = %rules-dir%/filetype.rules
Spam Checks = %rules-dir%/spam.check.rules
Files:
virus.scan.rules:
From: 127.0.0.1 no
FromOrTo: default yes
dangerous.content.scan.rules:
From: 127.0.0.1 no
FromOrTo: default yes
spam.check.rules:
From: 127.0.0.1 no
FromOrTo: default yes
filename.rules:
From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf
filetype.rules:
From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filetype.rules.conf
filename.rules.allowall.conf:
allow .* - -
filetype.rules.allowall.conf:
allow .* - -
Regards
Rabie
----snip----
________________________________
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Martin, Jeremy
Sent: 04 May 2005 18:26 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: releasing from quarantine
Hi,
I am using MailWatch with MailScanner but I believe this is more MailScanner
related, so I'm asking here.
In MailWatch when I try to release a message blocked because of the file
types, it keeps getting re-quarantined.
In my spam.whitelist.rules I am whitelisting the From: email address
MailWatch is using when it releases the message. I am also whitelisting that
address in virus.scanning.rules, and my MailScanner.conf definitely has it
looking at those two rule sets.
The status of the message in MailWatch is showing up as "W/L, Bad Content".
One of the attachments is an .exe blocked by the filename.rules.conf and
the two other files are .dll's but not listed in filename.rules.conf. The
report I'm getting emailed seems to be the stored.content.message.txt and
it's saying
"At Wed May 4 09:13:21 2005 the virus scanner said:
MailScanner: Executable DOS/Windows programs are dangerous in email
(ExportBatchService.exe)
MailScanner: Attempt to hide real filename extension
(Dart.PowerTCP.Ftp.dll)"
So how do I further whitelist the From email address these 'release from
quarantine' emails are coming from, in addition to the current whitelist in
my spam.whitelist.rules and virus.scanning.rules, so it doesn't get
re-quarantined?
Thanks!!
Jeremy
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
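
Added example, not part of the original posts and not MailScanner's own code: a simplified model of first-match ruleset evaluation that compares the posted 'From: 127.0.0.1 no' rule with the narrowed 'and From:' form suggested in the reply. The matching logic, the function names and the three sample messages are assumptions constructed for illustration.

```python
# Simplified first-match ruleset model (assumption: not MailScanner's parser).
# Assumed matching: "default" matches everything, a pattern containing "@"
# matches the envelope sender, anything else matches the client IP exactly.

BROAD = """\
From: 127.0.0.1 no
FromOrTo: default yes
"""

NARROW = """\
From: 127.0.0.1 and From: quarantine@mydomain.com no
FromOrTo: default yes
"""

def parse(text):
    """Return [(patterns, value)]; patterns joined by 'and' must all match."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        *cond_tokens, value = line.split()
        conds = " ".join(cond_tokens).split(" and ")
        rules.append(([c.split()[-1] for c in conds], value))
    return rules

def matches(pattern, msg):
    if pattern == "default":
        return True
    if "@" in pattern:
        return pattern.lower() == msg["sender"].lower()
    return pattern == msg["client_ip"]

def scan_decision(ruleset, msg):
    """Value of the first rule whose patterns all match ('yes' = scan)."""
    for patterns, value in parse(ruleset):
        if all(matches(p, msg) for p in patterns):
            return value
    return "yes"

# Constructed sample messages.
RELEASE = {"client_ip": "127.0.0.1", "sender": "quarantine@mydomain.com"}
LOCAL_USER = {"client_ip": "127.0.0.1", "sender": "alice@mydomain.com"}
REMOTE = {"client_ip": "203.0.113.7", "sender": "someone@example.org"}

if __name__ == "__main__":
    for name, rs in (("broad", BROAD), ("narrow", NARROW)):
        for label, m in (("release", RELEASE), ("local", LOCAL_USER), ("remote", REMOTE)):
            print(f"{name:6} {label:8} scan={scan_decision(rs, m)}")
```

Under the broad rule every message submitted from 127.0.0.1 skips scanning, while the narrowed rule exempts only the release sender. The envelope sender is chosen by the submitting client, so the narrowed rule limits accidental bypass rather than authenticating the release process.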