File type rules

Paul R. Ganci ganci at nurdog.com
Wed Mar 1 02:59:52 GMT 2006 

I have been trying to turn off the damn RTF rules and have yet to be 
successful. From my filename.rules.conf I commented out:

# JKF 11/01/2006 Another Microsoft security vulnerability
#deny   winmail\.dat$           Windows security 
vulnerability                 No Outlook Rich Text Format messages due 
to security hole, use HTML instead

 From my filetype.rules.conf I commented out:

#deny   TNEF            Windows security vulnerability         No 
Outlook Rich Text Format messages due to security hole, use HTML instead
#deny   Transport Neutral Encapsulation Format          Windows security 
vulnerability           No Outlook Rich Text Format messages due to 
security hole, use HTML instead

and yet MailScanner continues to block these:

Feb  7 14:31:49 mx02 MailScanner[32634]: Virus and Content Scanning: 
Starting
Feb  7 14:31:52 mx02 MailScanner[32701]: Expanding TNEF archive at 
/var/spool/MailScanner/incoming/32701/k17LV2EK006288/winmail.dat
Feb  7 14:31:52 mx02 MailScanner[32701]: Virus and Content Scanning: 
Starting
Feb  7 14:31:55 mx02 MailScanner[32701]: Filename Checks: Windows 
security vulnerability (k17LV2EK006288 winmail.dat)
Feb  7 14:31:55 mx02 MailScanner[32701]: Other Checks: Found 1 problems
Feb  7 14:31:56 mx02 MailScanner[32701]: Saved infected "winmail.dat" to 
/var/spool/MailScanner/quarantine/20060207/k17LV2EK006288

Yes, I restarted MailScanner after changing these rules. Please, what do 
I have to do to get MailScanner to stop blocking these?

Thanks.

-- 
Paul (ganci at nurdog.com)

More information about the MailScanner mailing list