Filetypes and filenames not being checked
DAve
dave.list at pixelhammer.com
Thu Jul 27 18:14:19 IST 2006
Golden, James wrote:
> I'm pretty new to this MailScanner stuff, so this may be too simple. So
> please excuse me. What about the file permissions on your
> filename.rules.conf or filetype.rules.conf?

I am in no position to question anyone's suggestions ;^)

bash-2.05b# ls -la
total 388
dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .
drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 ..
drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS
-rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf
drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes
-r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf
-rw-r--r-- 1 root cvs 197 Jul 21 12:59 filename.allow.rules.conf
-rw-r--r-- 1 root cvs 6851 Jul 21 12:51 filename.deny.rules.conf
-rw-r--r-- 1 root cvs 929 Jul 21 13:01 filetype.allow.rules.conf
-rw-r--r-- 1 root cvs 921 Jul 21 12:51 filetype.deny.rules.conf
dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp
-r--r--r-- 1 root wheel 14618 Jun 4 13:27 phishing.safe.sites.conf
drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports
dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules
-rw-r--r-- 1 root cvs 9692 Jul 21 16:15 spam.assassin.prefs.conf
-r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf
-r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample
-rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf
bash-2.05b# ls -la rules
total 40
dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 .
dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 ..
drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS
-r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES
-r--r--r-- 1 root wheel 2964 Jun 4 13:27 README
-rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules
-rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules
-rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules
-rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules
-rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules
-rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules
-rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules
-rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules
-rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules
-rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules
-rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules
-rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules
>
> One other thought is your max or minimum size for attachments setting in
> the MailScanner.conf file?

I'm testing with a 76k text file named test.scr and a copy named
test.sxw.doc.

Maximum Message Size = 0
Maximum Attachment Size = -1
Minimum Attachment Size = -1

Should be no checking going on (I do RBLs, size checking, max recipients
on the MTA).

I would be perfectly willing to post any and all conf files online for
viewing.

DAve
>
> On Wed, 2006-07-26 at 16:58 -0400, DAve wrote:
>
>> Julian Field wrote:
>>> Can anyone else reproduce this behaviour?
>>> I sure can't :-(
>> I would wager I've done something very stupid. Woods, trees, that whole
>> metaphor thing.
>>
>> For what it's worth, some things are installed, but not showing up in
>> MailScanner -v. MailTools, IO-Stringy, Storable, File-Spec. I am double
>> checking to make sure they did in fact install.
>>
>> bash-2.05b# MailScanner -v
>> Running on
>> FreeBSD avhost2.tls.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb
>> 23 20:45:55 GMT 2004
>> root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386
>> This is Perl version 5.006002 (5.6.2)
>>
>> This is MailScanner version 4.54.6
>> Module versions are:
>> 1.16 Archive::Zip
>> 1.119 Convert::BinHex
>> 1.03 Fcntl
>> 2.6 File::Basename
>> 2.03 File::Copy
>> 2.00 FileHandle
>> 1.0404 File::Path
>> 0.16 File::Temp
>> 0.68 Filesys::Df
>> 1.35 HTML::Entities
>> 3.54 HTML::Parser
>> 2.37 HTML::TokeParser
>> 1.20 IO
>> 1.08 IO::File
>> 1.121 IO::Pipe
>> 1.74 Mail::Header
>> 3.07 MIME::Base64
>> 5.420 MIME::Decoder
>> 5.420 MIME::Decoder::UU
>> 5.420 MIME::Head
>> 5.420 MIME::Parser
>> 3.07 MIME::QuotedPrint
>> 5.420 MIME::Tools
>> 0.11 Net::CIDR
>> 1.03 POSIX
>> 1.72 Socket
>> 0.01 Sys::Syslog
>> 1.87 Time::HiRes
>> 1.01 Time::localtime
>>
>> Optional module versions are:
>> 0.17 Convert::TNEF
>> 1.806 DB_File
>> 1.12 DBD::SQLite
>> 1.50 DBI
>> 1.15 Digest
>> 1.01 Digest::HMAC
>> 2.36 Digest::MD5
>> 2.11 Digest::SHA1
>> missing Inline
>> missing Mail::ClamAV
>> 3.001001 Mail::SpamAssassin
>> 1.999001 Mail::SPF::Query
>> 0.20 Net::CIDR::Lite
>> 1.24 Net::IP
>> 0.57 Net::DNS
>> missing Net::LDAP
>> missing Parse::RecDescent
>> missing SAVI
>> 1.4 Sys::Hostname::Long
>> 2.58 Test::Harness
>> 0.62 Test::Simple
>> missing Text::Balanced
>> 1.35 URI
>>
>>
>> bash-2.05b# MailScanner --lint
>> Read 719 hostnames from the phishing whitelist
>> Config: calling custom init function MailWatchLogging
>> Config: calling custom init function SQLHighSpamScores
>> Config: calling custom init function SQLWhitelist
>> Config: calling custom init function SQLBlacklist
>> Config: calling custom init function SQLSpamScores
>> Checking for SpamAssassin errors (if you use it)...
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database
>> SpamAssassin reported no errors.
>>
>> MailScanner.conf says "Virus Scanners = clamav"
>> Found these virus scanners installed: clamav, bitdefender
>>
>>
>>
>>
>>> DAve wrote:
>>>> DAve wrote:
>>>>> DAve wrote:
>>>>>> Good morning,
>>>>>>
>>>>>> I have just had a user bring to my attention that since I upgraded
>>>>>> to 4.54.x we are no longer stopping filenames with double suffixes
>>>>>> or banned suffixes.
>>>>>>
>>>>>> I tried a test and sure enough two files went right through,
>>>>>> test.svx.doc and test.scr. I double checked my conf files and
>>>>>> everything looks good, mailscanner --lint shows no errors.
>>>>>>
>>>>>> I haven't changed anything in the conf file except to add MailWatch.
>>>>>> I went through the change log and docs and didn't see anything that
>>>>>> I thought would affect me.
>>>>>>
>>>>>> Has there been a change in how the filename.rules.conf files work?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> DAve
>>>>>>
>>>>> Hmm, double checked the filename.rules.conf and filetype.rules.conf
>>>>> and they looked fine (yes, tabs not spaces).
>>>>>
>>>>> Just on a whim I changed the MailScanner.conf to
>>>>> Filename Rules = %rules-dir%/user.filename.rules
>>>>> #Filename Rules = %etc-dir%/filename.rules.conf
>>>>>
>>>>> Then created %rules-dir%/user.filename.rules as
>>>>> # Default, disallow for all others
>>>>> To: default
>>>>> /usr/local/etc/MailScanner/filename.deny.rules.conf
>>>>> From: default
>>>>> /usr/local/etc/MailScanner/filename.deny.rules.conf
>>>>>
>>>>> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf
>>>>> from the install source.
>>>>>
>>>>> Still test.svx.doc gets through as does test.scr. mailscanner --lint
>>>>> still shows no issues.
>>>>>
>>>>> I tried to run in debug mode but I got no unusual output. So I
>>>>> stopped MailScanner and called with the debug switch with no change.
>>>>> Is there a way to run in debug and output to the terminal?
>>>>>
>>>>> DAve
>>>>>
>>>> Well, I've tried using full paths in the Filename Rules = ,
>>>> Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules
>>>>
>>>> I've tried adding a file suffix to Deny Filenames =
>>>> Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$
>>>>
>>>> Nothing works, test.scr just flies right through. I'm pretty much left
>>>> with reinstall on all my servers unless I can find a way to see what
>>>> is happening.
>>>>
>>>> DAve
>>>>
>>
>> --
>> Three years now I've asked Google why they don't have a
>> logo change for Memorial Day. Why do they choose to do logos
>> for other non-international holidays, but nothing for
>> Veterans?
>>
>> Maybe they forgot who made that choice possible.
>
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
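
An offline check for the situation in this thread, added here as an example (it is not part of the original post and is not MailScanner code): it parses a filename rules file, reports lines that are not tab-separated, and shows which rule, if any, fires first for a test filename. It assumes four tab-separated fields per rule (action, regex, log text, user report text), case-insensitive matching, first match wins, and only the allow and deny actions; the sample rules are constructed.

```python
import re

# Constructed sample rules in the assumed layout:
# action <TAB> regex <TAB> log text <TAB> user report text
SAMPLE_RULES = (
    "# constructed sample, not the poster's file\n"
    "deny\t\\.[a-z][a-z0-9]{2,3}\\s*\\.[a-z0-9]{3}$\tPossible filename hiding\tDouble extension\n"
    "deny    \\.pif$    Separated by spaces    Skipped by this parser\n"
    "deny\t\\.scr$\tScreensaver\tScreensavers are often malicious\n"
    "allow\t.*\t-\t-\n"
)

def parse_rules(text):
    """Return (rules, problems); each rule is (lineno, action, regex, log_text)."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = [f for f in line.split("\t") if f]  # tolerate runs of tabs
        if len(fields) != 4:
            problems.append((lineno, "expected 4 tab-separated fields, got %d" % len(fields)))
            continue
        action = fields[0].strip().lower()
        if action not in ("allow", "deny"):  # assumption: other actions not handled here
            problems.append((lineno, "unrecognised action %r" % action))
            continue
        try:
            pattern = re.compile(fields[1], re.IGNORECASE)
        except re.error as exc:
            problems.append((lineno, "bad regex: %s" % exc))
            continue
        rules.append((lineno, action, pattern, fields[2]))
    return rules, problems

def first_match(rules, filename):
    """Return (action, lineno, log_text) of the first matching rule, or None."""
    for lineno, action, pattern, log_text in rules:
        if pattern.search(filename):
            return action, lineno, log_text
    return None

if __name__ == "__main__":
    rules, problems = parse_rules(SAMPLE_RULES)
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
    for name in ("test.scr", "test.sxw.doc", "test.pif"):
        print(name, "->", first_match(rules, name))
```

In the sample, the space-separated `.pif` line is skipped, so `test.pif` falls through to the final allow rule even though a deny line for it appears in the file.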