Can't block wmv files

Michael Mansour micoots at yahoo.com
Sun Dec 2 04:10:15 GMT 2007


Hi,

--- Michael Mansour <micoots at yahoo.com> wrote:

> Hi Peter,
> 
> shuttlebox <shuttlebox at gmail.com> wrote:
> On Nov 29, 2007 1:31 AM, Michael Mansour wrote:
> > I also have the tnef installed but because I have tried
> > different extensions (wmv, lnk, swf) from different freemail
> > providers, it wouldn't be because of tnef.
> 
> Turn on archiving for your own address so you can study the
> messages as they enter MailScanner, you can unpack the
> attachments there and run the file command on them and see
> what it says.
> 
> This was something I didn't think of trying, so I have taken
> your advice and ran an archive of mail.
> 
> I emailed myself a wmv from my gmail account, and
> got this:
> 
> dflATBKPHb018211
> 
> I then ran:
> 
> # uudeview dflATBKPHb018211
> Loaded from dflATBKPHb018211: '' (Don_tjudgetooquickly3.wmv): Don_tjudgetooquickly3.wmv part 1   Base64
> 
> Found 'Don_tjudgetooquickly3.wmv' State 16 Base64 Parts 1 OK
> 
>   -rw-r--r-- Don_tjudgetooquickly3.wmv is OK   [d] (?=help) d
>     File successfully written to /home/MailScanner/archive/20071129/Don_tjudgetooquickly3.wmv
> 1 file decoded from 1 input file, 0 failed
> 
> which produced:
> 
> # ll
> total 1534
> -rw-rw----  1 root root 889559 Nov 29 22:24 dflATBKPHb018211
> -rw-r--r--  1 root root 658299 Nov 29 22:31 Don_tjudgetooquickly3.wmv
> 
> and we see this:
> 
> # file Don_tjudgetooquickly3.wmv
> Don_tjudgetooquickly3.wmv: Microsoft ASF
> 
> yet I have this denied here:
> 
> deny    ASF             No Windows media        No Windows media files allowed
> 
> I'm really stumped why this is just let through.

I've just spent another 5 hours on this problem and am
now giving up and putting this down as a broken
feature of MailScanner.

What I've done this time is:

* re-installed MailScanner, choosing 4.66 (which ended
up breaking with another smtp socket error which I
emailed the beta list about)

* re-installed MailScanner 4.65.3 with the
./install.sh script so it went through and
re-installed various perl modules

* configured the options "Deny Filenames" and "Deny
Filetypes" in MailScanner.conf to deny postscript,
script, PDF etc

* configured a "test" domain (live on the internet but
one of mine I don't use for email) with filename.rules
and filetype.rules files to deny PDF, postscript, etc

* downgraded perl to what it was prior to November 2
when Red Hat released 5.8.5-36.2, so I'm now running
5.8.5-36

* ran MailScanner in debug modes with full logging for
non-spam, filename and filetype logging

* ran in archive mail mode so I could run the "file"
command on the message to see what it is, and also use
uudeview to see what it is.

and much more, all to no avail. I simply haven't been
able to get MailScanner blocking/denying anything at
all, and I know this used to work months ago but since
then I haven't received requests for more blocks to be
put into place until now, only to realise I can't
block anymore.

I've spent days on this one problem now and have
exhausted all my options. If anyone else has ideas as
to why this wouldn't work or what else I can try,
please let me know.

Michael.

> Michael.
> -- 
> /peter
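The check walked through in the thread (decode the archived attachment, identify its type, compare it with the deny rule), as an added example that is not part of the original post or of MailScanner's code. It assumes rule lines are TAB-separated (action, pattern, log text, user text) and uses a small magic-byte check as a stand-in for the file command; the function names and the sample message are constructed for illustration.

```python
import base64
import re
from email import message_from_bytes

# First 16 bytes of every ASF/WMV/WMA file: the ASF Header Object GUID.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

def sniff(data):
    """Stand-in for the `file` command: type string from magic bytes."""
    if data.startswith(ASF_GUID):
        return "Microsoft ASF"
    if data.startswith(b"%PDF-"):
        return "PDF document"
    return "data"

def parse_rules(text):
    """Parse rule lines (assumed TAB-separated); return (rules, bad line numbers)."""
    rules, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = [f for f in line.split("\t") if f]
        if len(fields) < 4 or fields[0] not in ("allow", "deny"):
            bad.append(n)  # e.g. fields separated by spaces instead of tabs
            continue
        rules.append((fields[0], re.compile(fields[1]), fields[2]))
    return rules, bad

def check_message(raw, rules):
    """Return (filename, detected type, action, log text) for each attachment."""
    out = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        ftype = sniff(part.get_payload(decode=True) or b"")
        action, log = "allow", "no rule matched"
        for act, rx, text in rules:  # first matching rule decides
            if rx.search(ftype):
                action, log = act, text
                break
        out.append((name, ftype, action, log))
    return out

# Constructed sample: a one-part message whose attachment is only an ASF header GUID.
SAMPLE = (b"From: a@example.com\r\nTo: b@example.com\r\nMIME-Version: 1.0\r\n"
          b'Content-Type: video/x-ms-wmv; name="clip.wmv"\r\n'
          b'Content-Disposition: attachment; filename="clip.wmv"\r\n'
          b"Content-Transfer-Encoding: base64\r\n\r\n"
          + base64.b64encode(ASF_GUID + b"\0" * 8) + b"\r\n")
TAB_RULES = "deny\tASF\tNo Windows media\tNo Windows media files allowed\n"
SPACE_RULES = "deny    ASF    No Windows media    No Windows media files allowed\n"
```

Running parse_rules over the live rules file and looking at the returned bad line numbers shows whether a rule that looks correct on screen is actually being parsed as four fields.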