Can't block wmv files

[Glenn Steen]

On 02/12/2007, Michael Mansour <micoots at yahoo.com> wrote:
> Hi Hugo,
>
> --- Hugo van der Kooij <hvdkooij at vanderkooij.org>
> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Michael Mansour wrote:
> > > Hi,
> > >
> > > I'm using:
> > >
> > > mailscanner-4.65.3-1.noarch
> > >
> > > and trying to block various movie files for a
> > domain.
> > >
> > > I have done this sort of setup numerous times for
> > other domains and it
> > > all works fine, but for this one particular domain
> > I cannot get it to
> > > work. wmv's, avi's, mpg's, etc all pass through.
> >
> > First off. You never told us the difference with the
> > other domains.
>
> The email above was the "initial" look at this
> problem, since then I have determined that it's not
> domain specific but site-wide ie. I can't block ANY
> files at this point.
>
> What I did to confirm this was copy:
>
> filename.rules.conf to filename.rules.allowall.conf
>
> and
>
> filetype.rules.conf to filetype.rules.allowall.conf
>
> which guarantees all domains will have some sort of
> filtering of attachments in place, but files that are
> meant to be denied are still let through.
>
> I also remove any of the 127.0.0.1 entries I had in
> place for some of the rules files like
> dangerous.content.scanning etc and these removals also
> made no difference.
>
> Basically, this is now a very serious problem as all
> email domains we host for don't get any denied
> attachments.
>
> I find it hard to believe I'm the only one suffering
> from this problem as I've been running MailScanner for
> many years, I know it very well, and these filename
> and filetype rules have worked for many years, and the
> server environment I run (Red Hat 4 based) is not
> uncommon.
>
> I only noticed this problem when a client requested
> that more blocks be put into place for his domain.
>
> I wonder if others have tested it themselves to see if
> it's still working for them?
>
> > While it may seem irrelevant to you the exact
> > samples wil propably be
> > very relevant.  Can you packup the whole set of
> > files and make it
>
> I'm happy to make it available to you Hugo, I'll pack
> my configs on one of the servers up for you and email
> you directly.
>
> > available? It will definitly beat the snippets you
> > post in the messages
> > as important information might get lost.
> >
> > At one time I have been staring months on some odd
> > behaviour.
> >
> > I finaly removed a set of lines and retyped as they
> > appeared and to
> > problems was gone. I did a diff to a backup file and
> > there was a literal
> > backspace character in the config file which I never
> > noticed before.
>
> I've spent a week on this already and well over 24
> hours (cumulative) trouble-shooting it, and I'm still
> no closer to solving the problem.
>
> I even downgraded tonight one of the mail servers to
> 4.64.3 and deny's are still ignored.
>
> I'll email you shortly.
>
> Michael.
>
Hi Mic,

i got the files fine (finally:-), but haven't looked at them yet.

One thing though... Might this actually be the "don't scan already
scanned" thing kicking in?
Something you said in the private mail with the configs kind of lead
me in that direction.... As I understand it, the "outward facing
bastions" (mail2 and mail3) don't do the filetype/name scanning, just
the mailstore...?

Will go look at your setup now...

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se