Bad Content Checks
Alex Neuman van der Hans
alex at nkpanama.com
Mon Apr 3 15:37:39 IST 2006
Kai Schaetzl wrote:
> I found a file like this getting quarantined as "bad content". (Ahm, what
> actually happens then - the message is delivered without the attachment,
> or what happens?)
>
> 042-06-Logos.ly01.pdf
>
> This is the rule that hit on it. I don't see the value of this rule.
>
> # Deny all other double file extensions. This catches any hidden
> filenames.
> deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename
> hiding Attempt to hide real filename extension
>
> What is the point of disallowing whatever.whatever.pdf? Why is this trying
> tho hide the real filename extension? Maybe that (whatever.bat.pdf) is
> doing this, but it's much less troublesome than (whatever.pdf.bat).
>
> Can I rule this over with
>
> allow \.pdf$
>
> ?
> If so, I suggest adding quite a few of these exclusions.
>
> Moreover. How can I release that file? I released it and it was
> immediately caught again although 127.0.0.1 is whitelisted and Mailwatch
> lists a Status of "W/L Bad Content" now.
>
>
>
> Kai
>
>
You can, if you put it before the double extension rule. Depending on
the clients' wishes, I either disable it altogether (the double
extension rule) or I add allow rules at the top for trusted filetypes
(my preferred choice). I think you can override it with another setting
introduced a couple of versions ago.
More information about the MailScanner
mailing list