Filetypes and filenames not being checked
DAve
dave.list at pixelhammer.com
Fri Jul 28 18:27:50 IST 2006
Dhawal Doshy wrote:
> DAve wrote:
>> Dhawal Doshy wrote:
>>> DAve wrote:
>>>> DAve wrote:
>>>>> Golden, James wrote:
>>>>>> I'm pretty new to this MailScanner stuff, so this may be too simple. So
>>>>>> please excuse me. What about the file permissions on your
>>>>>> filename.rules.conf or filetype.rules.conf?
>>>>>
>>>>> I am in no position to question anyone's suggestions ;^)
>>>>>
>>>>> bash-2.05b# ls -la
>>>>> total 388
>>>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .
>>>>> drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 ..
>>>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS
>>>>> -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf
>>>>> drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes
>>>>> -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf
>>>>> -rw-r--r-- 1 root cvs 197 Jul 21 12:59 filename.allow.rules.conf
>>>>> -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 filename.deny.rules.conf
>>>>> -rw-r--r-- 1 root cvs 929 Jul 21 13:01 filetype.allow.rules.conf
>>>>> -rw-r--r-- 1 root cvs 921 Jul 21 12:51 filetype.deny.rules.conf
>>>>> dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp
>>>>> -r--r--r-- 1 root wheel 14618 Jun 4 13:27 phishing.safe.sites.conf
>>>>> drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports
>>>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules
>>>>> -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 spam.assassin.prefs.conf
>>>>> -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf
>>>>> -r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample
>>>>> -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf
>>>>>
>>>>> bash-2.05b# ls -la rules
>>>>> total 40
>>>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 .
>>>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 ..
>>>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS
>>>>> -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES
>>>>> -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README
>>>>> -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules
>>>>> -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules
>>>>> -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules
>>>>> -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules
>>>>> -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules
>>>>> -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules
>>>>> -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules
>>>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules
>>>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules
>>>>> -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules
>>>>> -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules
>>>>> -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules
>>>>>
>>>>>>
>>>>>> One other thought is your max or minimum size for attachments setting in
>>>>>> the Mailscanner.conf file?
>>>>>
>>>>> I'm testing with a 76k text file named test.scr and a copy named
>>>>> test.sxw.doc.
>>>>>
>>>>> Maximum Message Size = 0
>>>>> Maximum Attachment Size = -1
>>>>> Minimum Attachment Size = -1
>>>>>
>>>>> Should be no checking going on (I do RBLs, size checking, max
>>>>> recipients on the MTA).
>>>>>
>>>>> I would be perfectly willing to post any and all conf files online
>>>>> for viewing.
>>>>
>>>> http://pixelhammer.com/MS/MailScanner.conf
>>>> http://pixelhammer.com/MS/user.filename.rules
>>>>
>>>> Last act of desperation. This is as simple as I can make it and it
>>>> still is not stopping double suffix or even test.scr.
>>>>
>>>> Is there a stupid mistake I am just not seeing or is it time to
>>>> reinstall everything?
>>>>
>>>> DAve
>>>
>>> And what is the content of
>>> /usr/local/etc/MailScanner/rules/user.content.rules?
>>>
>>> - dhawal
>>
>> http://pixelhammer.com/MS/user.content.rules
>>
>> DAve
>
> Well, there lies your problem.. and I had previously hinted on this as
> well. You have
>
> Dangerous Content Scanning = %rules-dir%/user.content.rules
>
> and /usr/local/etc/MailScanner/rules/user.content.rules
> To: default no
> From: default no
>
> Which indicates that you are not checking for 'Dangerous Content
> Scanning'. Filename/type checks depend on 'Dangerous Content Scanning'..
> set the From to 'yes' and re-test.
>
> - dhawal

I'll test it, but that file has not been changed since my initial setup
over two years ago. Hence why I responded that it was OK when you
suggested I check it.

I say that, but the last upgrade involved SA, ClamAV, MailWatch, and
MailScanner on three machines in one night. It is entirely possible I
did that.

DAve

--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
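
The misconfiguration identified in the reply above, as a configuration audit. This is an added example, not code from the thread or from MailScanner. It takes the setting and ruleset lines quoted above as inline text; the `%rules-dir%` definition line, the function names and the status strings are assumptions made for illustration.

```python
import re
# Constructed sample mirroring the setting and ruleset quoted in the thread.
SAMPLE_CONF = """\
%rules-dir% = /usr/local/etc/MailScanner/rules
Dangerous Content Scanning = %rules-dir%/user.content.rules
"""
SAMPLE_RULESETS = {"/usr/local/etc/MailScanner/rules/user.content.rules":
                   "To: default no\nFrom: default no\n"}

def parse_conf(text):
    """Split 'name = value' lines into settings and %variable% definitions."""
    settings, variables = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if re.fullmatch(r"%[\w-]+%", name):
            variables[name] = value
        else:
            settings[name.lower()] = value
    return settings, variables

def parse_ruleset(text):
    """Return (pattern, value) pairs from 'Direction: pattern value' lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].endswith(":"):
            rules.append((fields[1].lower(), fields[2].lower()))
    return rules

def content_scanning_status(conf_text, rulesets):
    """Return (status, patterns explicitly set to 'yes') for the setting."""
    settings, variables = parse_conf(conf_text)
    value = settings.get("dangerous content scanning", "")
    for name, replacement in variables.items():
        value = value.replace(name, replacement)
    if value.lower() in ("yes", "no"):
        return ("on" if value.lower() == "yes" else "off"), []
    if value not in rulesets:
        return "ruleset not found", []
    rules = parse_ruleset(rulesets[value])
    defaults = [v for p, v in rules if p == "default"]
    exceptions = [p for p, v in rules if p != "default" and v == "yes"]
    if not defaults:
        return "no default rule", exceptions
    # Any default rule that is not 'no' counts as scanning being on by default.
    state = "off by default" if all(v == "no" for v in defaults) else "on by default"
    return state, exceptions
```

A result of `off by default` with an empty exception list is the state described in the reply: the filename and filetype rule files exist and are readable, but the checks that depend on this setting never run.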