Filetypes and filenames not being checked

Golden, James jgolden at ci.grand-rapids.mi.us
Thu Jul 27 14:20:07 IST 2006 

I'm pretty new to this MailScanner stuff, so this may be too simple.  So
please excuse me.  What about the file permissions on your
filename.rules.conf or filetype.rules.conf? 

One other thought is your max or minimum size for attachments setting in
the Mailscanner.conf file?

On Wed, 2006-07-26 at 16:58 -0400, DAve wrote:

> Julian Field wrote:
> > Can anyone else reproduce this behaviour?
> > I sure can't :-(
> 
> I would wager I've done something very stupid. Woods, trees, that whole 
> metaphor thing.
> 
> For what it's worth, some things are installed, but not showing up in 
> MailScanner -v. MailTools, IO-Stringy, Storable, File-Spec. I am double 
> checking to make sure they did in fact install.
> 
> bash-2.05b# MailScanner -v
> Running on
> FreeBSD avhost2.tls.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 
> 23 20:45:55 GMT 2004 
> root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC  i386
> This is Perl version 5.006002 (5.6.2)
> 
> This is MailScanner version 4.54.6
> Module versions are:
> 1.16    Archive::Zip
> 1.119   Convert::BinHex
> 1.03    Fcntl
> 2.6     File::Basename
> 2.03    File::Copy
> 2.00    FileHandle
> 1.0404  File::Path
> 0.16    File::Temp
> 0.68    Filesys::Df
> 1.35    HTML::Entities
> 3.54    HTML::Parser
> 2.37    HTML::TokeParser
> 1.20    IO
> 1.08    IO::File
> 1.121   IO::Pipe
> 1.74    Mail::Header
> 3.07    MIME::Base64
> 5.420   MIME::Decoder
> 5.420   MIME::Decoder::UU
> 5.420   MIME::Head
> 5.420   MIME::Parser
> 3.07    MIME::QuotedPrint
> 5.420   MIME::Tools
> 0.11    Net::CIDR
> 1.03    POSIX
> 1.72    Socket
> 0.01    Sys::Syslog
> 1.87    Time::HiRes
> 1.01    Time::localtime
> 
> Optional module versions are:
> 0.17    Convert::TNEF
> 1.806   DB_File
> 1.12    DBD::SQLite
> 1.50    DBI
> 1.15    Digest
> 1.01    Digest::HMAC
> 2.36    Digest::MD5
> 2.11    Digest::SHA1
> missing Inline
> missing Mail::ClamAV
> 3.001001        Mail::SpamAssassin
> 1.999001        Mail::SPF::Query
> 0.20    Net::CIDR::Lite
> 1.24    Net::IP
> 0.57    Net::DNS
> missing Net::LDAP
> missing Parse::RecDescent
> missing SAVI
> 1.4     Sys::Hostname::Long
> 2.58    Test::Harness
> 0.62    Test::Simple
> missing Text::Balanced
> 1.35    URI
> 
> 
> bash-2.05b# MailScanner --lint
> Read 719 hostnames from the phishing whitelist
> Config: calling custom init function MailWatchLogging
> Config: calling custom init function SQLHighSpamScores
> Config: calling custom init function SQLWhitelist
> Config: calling custom init function SQLBlacklist
> Config: calling custom init function SQLSpamScores
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> SpamAssassin reported no errors.
> 
> MailScanner.conf says "Virus Scanners = clamav"
> Found these virus scanners installed: clamav, bitdefender
> 
> 
> 
> 
> > 
> > DAve wrote:
> >> DAve wrote:
> >>> DAve wrote:
> >>>> Good morning,
> >>>>
> >>>> I have just had a user bring to my attention that since I upgraded 
> >>>> to 4.54.x we are no longer stopping filenames with double suffixes 
> >>>> or banned suffixes.
> >>>>
> >>>> I tried a test and sure enough two files went right through, 
> >>>> test.svx.doc and test.scr. I double checked my conf files and 
> >>>> everything looks good, mailscanner --lint shows no errors.
> >>>>
> >>>> I haven't changed anything in the conf file except to add MailWatch. 
> >>>> I went through the change log and docs and didn't see anything that 
> >>>> I thought would affect me.
> >>>>
> >>>> Has there been a change in how the filename.rules.conf files work?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> DAve
> >>>>
> >>>
> >>> Hmm, double checked the filename.rules.conf and filetype.rules.conf 
> >>> and they looked fine (yes, tabs not spaces).
> >>>
> >>> Just on a whim I changed the MailScanner.conf to
> >>> Filename Rules = %rules-dir%/user.filename.rules
> >>> #Filename Rules = %etc-dir%/filename.rules.conf
> >>>
> >>> Then created %rules-dir%/user.filename.rules as
> >>> # Default, disallow for all others
> >>> To:     default         
> >>> /usr/local/etc/MailScanner/filename.deny.rules.conf
> >>> From:   default         
> >>> /usr/local/etc/MailScanner/filename.deny.rules.conf
> >>>
> >>> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf 
> >>> from the install source.
> >>>
> >>> Still test.svx.doc gets through as does test.scr. mailscanner --lint 
> >>> still shows no issues.
> >>>
> >>> I tried to run in debug mode but I got no unusual output. So I 
> >>> stopped MailScanner and called with the debug switch with no change. 
> >>> Is there a way to run in debug and output to the terminal?
> >>>
> >>> DAve
> >>>
> >>
> >> Well, I've tried using full paths in the Filename Rules = ,
> >> Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules
> >>
> >> I've tried adding a file suffix to Deny Filenames =
> >> Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$
> >>
> >> Nothing works, test.scr just flies right through. I'm pretty much left 
> >> with reinstall on all my servers unless I can find a way to see what 
> >> is happening.
> >>
> >> DAve
> >>
> > 
> 
> 
> -- 
> Three years now I've asked Google why they don't have a
> logo change for Memorial Day. Why do they choose to do logos
> for other non-international holidays, but nothing for
> Veterans?
> 
> Maybe they forgot who made that choice possible.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/b7333587/attachment.html

More information about the MailScanner mailing list