Filetypes and filenames not being checked

Julian Field mailscanner at ecs.soton.ac.uk
Wed Jul 26 21:13:58 IST 2006


Can anyone else reproduce this behaviour?
I sure can't :-(

DAve wrote:
> DAve wrote:
>> DAve wrote:
>>> Good morning,
>>>
>>> I have just had a user bring to my attention that since I upgraded to 
>>> 4.54.x we are no longer stopping filenames with double suffixes or 
>>> banned suffixes.
>>>
>>> I tried a test and sure enough two files went right through, 
>>> test.svx.doc and test.scr. I double checked my conf files and 
>>> everything looks good, mailscanner --lint shows no errors.
>>>
>>> I haven't changed anything in the conf file except to add MailWatch. 
>>> I went through the change log and docs and didn't see anything that I 
>>> thought would affect me.
>>>
>>> Has there been a change in how the filename.rules.conf files work?
>>>
>>> Thanks,
>>>
>>> DAve
>>>
>>
>> Hmm, double checked the filename.rules.conf and filetype.rules.conf 
>> and they looked fine (yes, tabs not spaces).
>>
>> Just on a whim I changed the MailScanner.conf to
>> Filename Rules = %rules-dir%/user.filename.rules
>> #Filename Rules = %etc-dir%/filename.rules.conf
>>
>> Then created %rules-dir%/user.filename.rules as
>> # Default, disallow for all others
>> To:     default         
>> /usr/local/etc/MailScanner/filename.deny.rules.conf
>> From:   default         
>> /usr/local/etc/MailScanner/filename.deny.rules.conf
>>
>> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf 
>> from the install source.
>>
>> Still test.svx.doc gets through as does test.scr. mailscanner --lint 
>> still shows no issues.
>>
>> I tried to run in debug mode but I got no unusual output. So I stopped 
>> MailScanner and called with the debug switch with no change. Is there 
>> a way to run in debug and output to the terminal?
>>
>> DAve
>>
> 
> Well, I've tried using full paths in the Filename Rules = ,
> Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules
> 
> I've tried adding a file suffix to Deny Filenames =
> Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$
> 
> Nothing works, test.scr just flies right through. I'm pretty much left 
> with reinstall on all my servers unless I can find a way to see what is 
> happening.
> 
> DAve
> 

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



More information about the MailScanner mailing list