what happend? Report: MailScanner: No programs allowed(msg-9368-6.txt)

Julian Field MailScanner at ecs.soton.ac.uk
Mon Jun 26 15:46:02 IST 2006


Yes, if you do not want any filetype checking at all.

On 26 Jun 2006, at 11:59, Gong Chaoyin wrote:

> thanks!
> May i set it like this?
>
> #File Command = /usr/bin/file
> File Commnad =
>
>
>
> 2006/6/26, Martin Hepworth <martinh at solid-state-logic.com>:
> Hi
>
> The 'file' program said the attachment was an executable....
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:  
> mailscanner-
> > bounces at lists.mailscanner.info] On Behalf Of Gong Chaoyin
> > Sent: 26 June 2006 11:36
> > To: mailscanner at lists.mailscanner.info
> > Subject: what happend? Report: MailScanner: No programs allowed 
> (msg-9368-
> > 6.txt)
> >
> > please help me! the log:
> >
> > new Batch: Found 2 messages waiting
> > Jun 22 12:48:47 mail MailScanner[9368]: New Batch: Scanning
> > 1 messages, 36442 bytes
> > Jun 22 12:48:47 mail MailScanner[9368]: Virus and Content
> > Scanning: Starting
> > Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No
> > executables (1FtH7W-0002Tm-S5 0)
> > Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No
> > executables (1FtH7W-0002Tm-S5 msg-9368-3.txt)
> > Jun 22 12:48:47 mail MailScanner[9368]: Other Checks: Found
> > 2 problems
> > Jun 22 12:48:47 mail MailScanner[9368]: Saved entire
> > message to
> > /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5
> > Jun 22 12:48:47 mail MailScanner[9368]: Saved infected
> > "msg-9368-3.txt" to
> > /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5
> > Jun 22 12:48:47 mail MailScanner[9368]: Notices: Warned
> >
> > The following e-mails were found to have: Bad Filename Detected
> >
> > Sender: xiajianping at xxxxxxxx.com
> > IP Address: MailScanner warning: numerical links are often  
> malicious:
> > MailScanner warning: numerical links are often malicious:  
> 61.142.114.180 <MailScanner warning: numerical links are often  
> malicious: http://61.142.114.180>
> > Recipient: DHUANG at yyyyy.com, alancheung at yyyyy.com
> > Subject: ??: ??????PO#G0605207?
> > MessageID: 1FtH7W-0002Tm-S5
> > Quarantine: /var/spool/MailScanner/quarantine/ 
> 20060622/1FtH7W-0002Tm-S5
> > Report: MailScanner: No programs allowed (msg-9368-6.txt)
> > Report: MailScanner: No programs allowed ( msg-9368-3.txt)
> >
> > /etc/MailScanner/filename.rules.conf
> >
> > # These are known to be mostly harmless.
> > allow \.jpg$ - -
> > allow \.gif$ - -
> > # .url is arguably dangerous, but I can't just ban it...
> > allow \.url$ - -
> > allow \.vcf$ - -
> > allow \.txt$ - -
> > allow \.zip$ - -
> > allow \.t?gz$ - -
> > allow \.bz2$ - -
> > allow \.Z$ - -
> > allow \.rpm$ - -
> > # PGP and GPG
> > allow \.gpg$ - -
> > allow \.pgp$ - -
> > allow \.sit$ - -
> > allow \.asc$ - -
> > # Macintosh archives
> > allow \.hqx$ - -
> > allow \.sit.bin$ - -
> > allow \.sea$ - -
> >
> > /etc/MailScanner/filetype.rules.conf
> >
> > allow text - -
> > allow script - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No self-extracting  
> archives
> > allowed
> > deny executable No executables No programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows Registry files
> > allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies allowed
> > #deny AVI No AVI movies No AVI movies allowed
> > #deny MNG No MNG/PNG movies No MNG movies allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies allowed
> > #deny ASF No Windows media No Windows media files allowed
> > #deny metafont No Windows Metafont drawings No WMF drawings allowed
> >
> > what happend?
> >
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

-- 
Julian Field
MailScanner at ecs.soton.ac.uk



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060626/f0676335/attachment.html


More information about the MailScanner mailing list