Filetypes and filenames not being checked

DAve dave.list at pixelhammer.com
Wed Jul 26 21:58:03 IST 2006


Julian Field wrote:
> Can anyone else reproduce this behaviour?
> I sure can't :-(

I would wager I've done something very stupid. Woods, trees, that whole 
metaphor thing.

For what it's worth, some things are installed, but not showing up in 
MailScanner -v. MailTools, IO-Stringy, Storable, File-Spec. I am double 
checking to make sure they did in fact install.

bash-2.05b# MailScanner -v
Running on
FreeBSD avhost2.tls.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 
23 20:45:55 GMT 2004 
root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC  i386
This is Perl version 5.006002 (5.6.2)

This is MailScanner version 4.54.6
Module versions are:
1.16    Archive::Zip
1.119   Convert::BinHex
1.03    Fcntl
2.6     File::Basename
2.03    File::Copy
2.00    FileHandle
1.0404  File::Path
0.16    File::Temp
0.68    Filesys::Df
1.35    HTML::Entities
3.54    HTML::Parser
2.37    HTML::TokeParser
1.20    IO
1.08    IO::File
1.121   IO::Pipe
1.74    Mail::Header
3.07    MIME::Base64
5.420   MIME::Decoder
5.420   MIME::Decoder::UU
5.420   MIME::Head
5.420   MIME::Parser
3.07    MIME::QuotedPrint
5.420   MIME::Tools
0.11    Net::CIDR
1.03    POSIX
1.72    Socket
0.01    Sys::Syslog
1.87    Time::HiRes
1.01    Time::localtime

Optional module versions are:
0.17    Convert::TNEF
1.806   DB_File
1.12    DBD::SQLite
1.50    DBI
1.15    Digest
1.01    Digest::HMAC
2.36    Digest::MD5
2.11    Digest::SHA1
missing Inline
missing Mail::ClamAV
3.001001        Mail::SpamAssassin
1.999001        Mail::SPF::Query
0.20    Net::CIDR::Lite
1.24    Net::IP
0.57    Net::DNS
missing Net::LDAP
missing Parse::RecDescent
missing SAVI
1.4     Sys::Hostname::Long
2.58    Test::Harness
0.62    Test::Simple
missing Text::Balanced
1.35    URI


bash-2.05b# MailScanner --lint
Read 719 hostnames from the phishing whitelist
Config: calling custom init function MailWatchLogging
Config: calling custom init function SQLHighSpamScores
Config: calling custom init function SQLWhitelist
Config: calling custom init function SQLBlacklist
Config: calling custom init function SQLSpamScores
Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.

MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamav, bitdefender




> 
> DAve wrote:
>> DAve wrote:
>>> DAve wrote:
>>>> Good morning,
>>>>
>>>> I have just had a user bring to my attention that since I upgraded 
>>>> to 4.54.x we are no longer stopping filenames with double suffixes 
>>>> or banned suffixes.
>>>>
>>>> I tried a test and sure enough two files went right through, 
>>>> test.svx.doc and test.scr. I double checked my conf files and 
>>>> everything looks good, mailscanner --lint shows no errors.
>>>>
>>>> I haven't changed anything in the conf file except to add MailWatch. 
>>>> I went through the change log and docs and didn't see anything that 
>>>> I thought would affect me.
>>>>
>>>> Has there been a change in how the filename.rules.conf files work?
>>>>
>>>> Thanks,
>>>>
>>>> DAve
>>>>
>>>
>>> Hmm, double checked the filename.rules.conf and filetype.rules.conf 
>>> and they looked fine (yes, tabs not spaces).
>>>
>>> Just on a whim I changed the MailScanner.conf to
>>> Filename Rules = %rules-dir%/user.filename.rules
>>> #Filename Rules = %etc-dir%/filename.rules.conf
>>>
>>> Then created %rules-dir%/user.filename.rules as
>>> # Default, disallow for all others
>>> To:     default         /usr/local/etc/MailScanner/filename.deny.rules.conf
>>> From:   default         /usr/local/etc/MailScanner/filename.deny.rules.conf
>>>
>>> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf 
>>> from the install source.
>>>
>>> Still test.svx.doc gets through as does test.scr. mailscanner --lint 
>>> still shows no issues.
>>>
>>> I tried to run in debug mode but I got no unusual output. So I 
>>> stopped MailScanner and called with the debug switch with no change. 
>>> Is there a way to run in debug and output to the terminal?
>>>
>>> DAve
>>>
>>
>> Well, I've tried using full paths in the Filename Rules = ,
>> Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules
>>
>> I've tried adding a file suffix to Deny Filenames =
>> Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$
>>
>> Nothing works, test.scr just flies right through. I'm pretty much left 
>> with reinstall on all my servers unless I can find a way to see what 
>> is happening.
>>
>> DAve
>>
> 


-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.
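
The thread turns on whether filename rules actually match a given attachment name, and on tabs versus spaces in the rule files. As an added example (not part of the original post and not MailScanner's own code), this offline checker parses a constructed rule file and reports the first matching rule for each filename. The four tab-separated fields, first-match-wins order and case-insensitive matching are assumptions, and the sample rules are constructed.

```python
import re

# Constructed sample rules, not the poster's file. Assumed layout per line:
# action <TAB> regex <TAB> log text <TAB> user report.
# The .pif line is separated by spaces on purpose to show the failure mode.
SAMPLE_RULES = (
    "# constructed sample\n"
    "deny\t\\.scr$\tWindows screensaver\tScreensavers are often malicious\n"
    "deny\t\\.[a-z][a-z0-9]{2,3}\\s*\\.[a-z0-9]{3}$\tDouble extension\tPossible filename hiding\n"
    "deny    \\.pif$    Shortcut file    Shortcuts are often malicious\n"
    "allow\t.*\t-\t-\n"
)

def parse_rules(text):
    """Return (rules, problems); rules are (action, compiled regex, log text)."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        fields = [f for f in line.split("\t") if f != ""]  # tolerate runs of tabs
        if len(fields) < 4:
            problems.append((lineno, "fewer than 4 tab-separated fields"))
            continue  # this checker skips the line, so the rule never applies
        action, pattern, log_text = fields[0].strip().lower(), fields[1], fields[2]
        if action not in ("allow", "deny"):
            problems.append((lineno, "unknown action " + repr(action)))
            continue
        try:
            rules.append((action, re.compile(pattern, re.I), log_text))
        except re.error as exc:
            problems.append((lineno, "bad regex: %s" % exc))
    return rules, problems

def decide(filename, rules):
    """Assumed semantics: the first matching rule wins; None means no match."""
    for action, regex, log_text in rules:
        if regex.search(filename):
            return action, log_text
    return None

def audit(filenames, text=SAMPLE_RULES):
    """Return ({filename: verdict}, problems) for a rule file given as text."""
    rules, problems = parse_rules(text)
    return {name: decide(name, rules) for name in filenames}, problems

if __name__ == "__main__":
    verdicts, problems = audit(["test.scr", "test.svx.doc", "test.pif", "report.doc"])
    for name, verdict in verdicts.items():
        print("%-14s %s" % (name, verdict))
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
```

In the sample, `test.pif` is allowed only because its deny line is space-separated and therefore skipped, which is the kind of silent pass the tab check is meant to catch.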

