Filetypes and filenames not being checked

DAve dave.list at pixelhammer.com
Fri Jul 28 19:21:43 IST 2006


DAve wrote:
> Dhawal Doshy wrote:
>> DAve wrote:
>>> Dhawal Doshy wrote:
>>>> DAve wrote:
>>>>> DAve wrote:
>>>>>> Golden, James wrote:
>>>>>>> I'm pretty new to this MailScanner stuff, so this may be too simple.  So
>>>>>>> please excuse me.  What about the file permissions on your
>>>>>>> filename.rules.conf or filetype.rules.conf?
>>>>>>
>>>>>> I am in no position to question anyone's suggestions ;^)
>>>>>>
>>>>>> bash-2.05b# ls -la
>>>>>> total 388
>>>>>> dr-xr-xr-x   7 root  cvs     1024 Jul 26 10:21 .
>>>>>> drwxr-xr-x  16 root  wheel   1024 Jul 25 09:04 ..
>>>>>> drwxr-xr-x   2 root  cvs      512 Aug  9  2004 CVS
>>>>>> -rw-r--r--   1 root  cvs    99589 Jul 26 10:21 MailScanner.conf
>>>>>> drwxr-xr-x   2 root  cvs      512 Jul 27 13:02 bayes
>>>>>> -r--r--r--   1 root  wheel  11426 Jun  4 13:27 country.domains.conf
>>>>>> -rw-r--r--   1 root  cvs      197 Jul 21 12:59 filename.allow.rules.conf
>>>>>> -rw-r--r--   1 root  cvs     6851 Jul 21 12:51 filename.deny.rules.conf
>>>>>> -rw-r--r--   1 root  cvs      929 Jul 21 13:01 filetype.allow.rules.conf
>>>>>> -rw-r--r--   1 root  cvs      921 Jul 21 12:51 filetype.deny.rules.conf
>>>>>> dr-xr-xr-x   2 root  cvs      512 Jul 21 16:44 mcp
>>>>>> -r--r--r--   1 root  wheel  14618 Jun  4 13:27 phishing.safe.sites.conf
>>>>>> drwxr-xr-x   2 root  cvs     2048 Jun  4 13:44 reports
>>>>>> dr-xr-xr-x   3 root  cvs      512 Jul 21 16:43 rules
>>>>>> -rw-r--r--   1 root  cvs     9692 Jul 21 16:15 spam.assassin.prefs.conf
>>>>>> -r--r--r--   1 root  cvs     2969 Feb 14  2005 spam.lists.conf
>>>>>> -r--r--r--   1 root  wheel   2969 Jun  4 13:27 spam.lists.conf.sample
>>>>>> -rw-r--r--   1 root  cvs     2834 Nov  2  2005 virus.scanners.conf
>>>>>>
>>>>>> bash-2.05b# ls -la rules
>>>>>> total 40
>>>>>> dr-xr-xr-x  3 root  cvs     512 Jul 21 16:43 .
>>>>>> dr-xr-xr-x  7 root  cvs    1024 Jul 26 10:21 ..
>>>>>> drwxr-xr-x  2 root  cvs     512 Aug  9  2004 CVS
>>>>>> -r--r--r--  1 root  wheel  2817 Jun  4 13:27 EXAMPLES
>>>>>> -r--r--r--  1 root  wheel  2964 Jun  4 13:27 README
>>>>>> -rw-r--r--  1 root  cvs      90 Jun  4 13:50 bounce.rules
>>>>>> -rw-r--r--  1 root  cvs    1743 Jun  6 18:40 highscore.delivery.rules
>>>>>> -rw-r--r--  1 root  cvs    1529 Jun  6 18:40 mcp.delivery.rules
>>>>>> -rw-r--r--  1 root  cvs      71 Jun  6 18:40 spam.blacklist.rules
>>>>>> -rw-r--r--  1 root  cvs     961 Jun  6 18:40 spam.whitelist.rules
>>>>>> -rw-r--r--  1 root  cvs     369 Jun  6 18:40 user.content.rules
>>>>>> -rw-r--r--  1 root  cvs    1878 Jul 17 17:05 user.delivery.rules
>>>>>> -rw-r--r--  1 root  cvs     636 Jul 21 12:49 user.filename.rules
>>>>>> -rw-r--r--  1 root  cvs     636 Jul 21 12:50 user.filetype.rules
>>>>>> -rw-r--r--  1 root  cvs     722 Jul 19 10:30 user.filtering.rules
>>>>>> -rw-r--r--  1 root  cvs     251 Jun  6 18:40 user.mcp.rules
>>>>>> -rw-r--r--  1 root  cvs     419 Jun  6 18:40 user.scanning.rules
>>>>>>
>>>>>>>
>>>>>>> One other thought is your max or minimum size for attachments setting in
>>>>>>> the Mailscanner.conf file?
>>>>>>
>>>>>> I'm testing with a 76k text file named test.scr and a copy named test.sxw.doc.
>>>>>>
>>>>>> Maximum Message Size = 0
>>>>>> Maximum Attachment Size = -1
>>>>>> Minimum Attachment Size = -1
>>>>>>
>>>>>> Should be no checking going on (I do RBLs, size checking, max 
>>>>>> recipients on the MTA).
>>>>>>
>>>>>> I would be perfectly willing to post any and all conf files online 
>>>>>> for viewing.
>>>>>
>>>>> http://pixelhammer.com/MS/MailScanner.conf
>>>>> http://pixelhammer.com/MS/user.filename.rules
>>>>>
>>>>> Last act of desperation. This is as simple as I can make it and it 
>>>>> still is not stopping double suffix or even test.scr.
>>>>>
>>>>> Is there a stupid mistake I am just not seeing or is it time to 
>>>>> reinstall everything?
>>>>>
>>>>> DAve
>>>>
>>>> And what is the content of /usr/local/etc/MailScanner/rules/user.content.rules?
>>>>
>>>> - dhawal
>>>
>>> http://pixelhammer.com/MS/user.content.rules
>>>
>>> DAve
>>
>> Well there lies your problem.. and I had previously hinted on this as
>> well. You have
>>
>> Dangerous Content Scanning = %rules-dir%/user.content.rules
>>
>> and /usr/local/etc/MailScanner/rules/user.content.rules
>> To:    default        no   From:    default        no  
>> Which indicates that you are not checking for 'Dangerous Content 
>> Scanning'. Filename/type checks depend on 'Dangerous Content 
>> Scanning'.. set the From to 'yes' and re-test.
>>
>> - dhawal
> 
> I'll test it, but that file has not been changed since my initial setup 
> over two years ago. Hence why I responded that it was OK when you 
> suggested I check it.
> 
> I say that, but the last upgrade involved SA, ClamAV, MailWatch, and 
> MailScanner on three machines in one night. It is entirely possible I 
> did that.
> 
> DAve
> 
> 

user.content.rules changed to the following,

To: default  yes
From: default  yes

Both test.scr and test.sxw.doc blow right through.

X-TLS.net-MailScanner: Found to be clean

DAve

-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.
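
How the two versions of user.content.rules quoted in this thread resolve, as an added example that is not part of the original post and is not MailScanner's own code: a simplified first-match evaluator for the ruleset format. It assumes only From:/To:/FromOrTo: directions with glob-style address patterns, treats `default` as the fallback when no specific rule matches, and uses constructed example.* addresses; `RULES_OVERRIDE` is a hypothetical ruleset.

```python
from fnmatch import fnmatchcase

# Constructed copies of the two user.content.rules versions quoted in the thread.
RULES_BEFORE = "To:    default        no\nFrom:    default        no\n"
RULES_AFTER = "To: default  yes\nFrom: default  yes\n"
# Hypothetical ruleset: a specific rule placed ahead of a permissive default.
RULES_OVERRIDE = "To: *@example.org no\nFromOrTo: default yes\n"


def parse_ruleset(text):
    """Split ruleset text into (ordered specific rules, default value or None)."""
    rules, default = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # malformed line: ignored here, worth reviewing by hand
        direction, pattern, value = parts[0].rstrip(":").lower(), parts[1].lower(), parts[2].strip()
        if pattern == "default":
            # Assumption: the first default seen is the fallback value.
            default = value if default is None else default
        else:
            rules.append((direction, pattern, value))
    return rules, default


def resolve(text, sender, recipient):
    """Return the value of the first rule matching this sender/recipient pair."""
    rules, default = parse_ruleset(text)
    addresses = {
        "from": [sender.lower()],
        "to": [recipient.lower()],
        "fromorto": [sender.lower(), recipient.lower()],
    }
    for direction, pattern, value in rules:
        if any(fnmatchcase(a, pattern) for a in addresses.get(direction, [])):
            return value
    return default  # None means the ruleset gives no answer for this message


if __name__ == "__main__":
    for name, text in [("before", RULES_BEFORE), ("after", RULES_AFTER), ("override", RULES_OVERRIDE)]:
        print(name, resolve(text, "sender@example.com", "user@example.org"))
```

A result of "no" for the Dangerous Content Scanning ruleset is the condition pointed out in the quoted reply; in the thread, changing both defaults to yes still left test.scr and test.sxw.doc reported as clean.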