allowing attachment filelname

Glenn Steen glenn.steen at gmail.com
Tue Dec 19 09:34:51 CET 2006 

On 19/12/06, Dan Carl <danc at bluestarshows.com> wrote:
>
> ----- Original Message -----
> From: "Glenn Steen" <glenn.steen at gmail.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Monday, December 18, 2006 3:00 PM
> Subject: Re: allowing attachment filelname
>
>
> > On 18/12/06, Dan Carl <danc at bluestarshows.com> wrote:
> > > ----- Original Message -----
> > > From: "Glenn Steen" <glenn.steen at gmail.com>
> > > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > > Sent: Monday, December 18, 2006 12:54 PM
> > > Subject: Re: allowing attachment filelname
> > >
> > >
> > > > On 18/12/06, Dan Carl <danc at bluestarshows.com> wrote:
> > > > > Ok I have a certain filename I want to let through.
> > > > > I added a rule to my filename.rules.conf.
> > > > > A followed the instructions
> > > > > NOTE: Fields are separated by TAB characters --- Important!
> > > > > I've checked my mailscanner.conf and its set to:
> > > > > Filename Rules = %etc-dir%/filename.rules.conf
> > > > > Why is the attachment still being quarantined?
> > > > > Im using ClamAV and F-Prot
> > > > Well, why is it quarantined? Look in the logs... Should tell you well
> > > enough...
> > > > One could guess that perhaps it is blocked by filetype? Or by an AV
> > > At Mon Dec 18 10:30:14 2006 the virus scanner said:
> > >    ClamAV Module: BACKUP.qpb was infected: Encrypted.Zip
> >
> > Aha, so it's really clamav (or rather clamavmodule:-) that is triggering.
> > You'll have to make it accept that filename (in clamscan,
> > clamavmodule), or not let clam block password encrypted archives
> > (might be a tad too forgiving:) or just plain stop
> > encrypting/passwd-protecting the zipfile ... or something similar that
> > fits your bill:-).
> >
>
> Its a backup from quick books point of sale.
> It is automatically encryted there no way round it.

Ok. Was worth a shot:-).

> > Haven't checked this, but what happens if you set "Allow Password
> > Protected Archives = yes" (or a ruleset to that effect)? There're some
> > settings for ClamavModule too that might effect how this plays out ...
> > Perhaps do a limit of recursion? I'm not sure if that will work...
> > Look at
> http://www.mailscanner.info/MailScanner.conf.index.html#ClamAVmodule%20Maximum%20Recursion%20Level
> > ...
>
> Ok setting Allow Password Protected Archives= yes
> Allowed the file to come through.

Good.

> I know I can make a rule set to tighten it up alot more, but I this my only
> alternive?

Probably you best bet. Other would be routing it through a mail path
that precludes MailScanner, or trying to make the clamav module more
intelligent _for that one sender_... Not good options, IMO.

> I know could have then use ftp server to send/receive but I'm affraid this
> would turn into a support nightmare for me.

Some intelligent scripting should be your helping hand there, but
really... You know what IP address and sender they come from, right?
It should be an easy enough ruleset to construct. If you need help
with that, just holler and someone will jump in (if I'm too busy;).

> Why does adding it to filename.rules.conf have no effect?

Because it is not the filename checking that is blocking it. It is the
anti-virus program. Simple as that.

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list