what happend? Report: MailScanner: No programs allowed(msg-9368-6.txt)

Martin Hepworth martinh at solid-state-logic.com
Mon Jun 26 11:45:59 IST 2006


Hi

The 'file' program said the attachment was an executable....

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Gong Chaoyin
> Sent: 26 June 2006 11:36
> To: mailscanner at lists.mailscanner.info
> Subject: what happend? Report: MailScanner: No programs allowed(msg-9368-
> 6.txt)
> 
> please help me! the log:
> 
> new Batch: Found 2 messages waiting
> Jun 22 12:48:47 mail MailScanner[9368]: New Batch: Scanning
> 1 messages, 36442 bytes
> Jun 22 12:48:47 mail MailScanner[9368]: Virus and Content
> Scanning: Starting
> Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No
> executables (1FtH7W-0002Tm-S5 0)
> Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No
> executables (1FtH7W-0002Tm-S5 msg-9368-3.txt)
> Jun 22 12:48:47 mail MailScanner[9368]: Other Checks: Found
> 2 problems
> Jun 22 12:48:47 mail MailScanner[9368]: Saved entire
> message to
> /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5
> Jun 22 12:48:47 mail MailScanner[9368]: Saved infected
> "msg-9368-3.txt" to
> /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5
> Jun 22 12:48:47 mail MailScanner[9368]: Notices: Warned
> 
> The following e-mails were found to have: Bad Filename Detected
> 
> Sender: xiajianping at xxxxxxxx.com
> IP Address: MailScanner warning: numerical links are often malicious:
> 61.142.114.180 <http://61.142.114.180>
> Recipient: DHUANG at yyyyy.com, alancheung at yyyyy.com
> Subject: ??: ??????PO#G0605207?
> MessageID: 1FtH7W-0002Tm-S5
> Quarantine: /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5
> Report: MailScanner: No programs allowed (msg-9368-6.txt)
> Report: MailScanner: No programs allowed (msg-9368-3.txt)
> 
> /etc/MailScanner/filename.rules.conf
> 
> # These are known to be mostly harmless.
> allow \.jpg$ - -
> allow \.gif$ - -
> # .url is arguably dangerous, but I can't just ban it...
> allow \.url$ - -
> allow \.vcf$ - -
> allow \.txt$ - -
> allow \.zip$ - -
> allow \.t?gz$ - -
> allow \.bz2$ - -
> allow \.Z$ - -
> allow \.rpm$ - -
> # PGP and GPG
> allow \.gpg$ - -
> allow \.pgp$ - -
> allow \.sit$ - -
> allow \.asc$ - -
> # Macintosh archives
> allow \.hqx$ - -
> allow \.sit.bin$ - -
> allow \.sea$ - -
> 
> /etc/MailScanner/filetype.rules.conf
> 
> allow text - -
> allow script - -
> allow archive - -
> allow postscript - -
> deny self-extract No self-extracting archives No self-extracting archives
> allowed
> deny executable No executables No programs allowed
> deny ELF No executables No programs allowed
> deny Registry No Windows Registry entries No Windows Registry files
> allowed
> 
> #deny MPEG No MPEG movies No MPEG movies allowed
> #deny AVI No AVI movies No AVI movies allowed
> #deny MNG No MNG/PNG movies No MNG movies allowed
> #deny QuickTime No QuickTime movies No QuickTime movies allowed
> #deny ASF No Windows media No Windows media files allowed
> #deny metafont No Windows Metafont drawings No WMF drawings allowed
> 
> what happend?
> 


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************



More information about the MailScanner mailing list