Not blocking executables
rob
rob at robhq.com
Mon Jan 29 18:30:32 CET 2007
On Mon, 29 Jan 2007 10:29:13 -0600, rob wrote
> On Mon, 29 Jan 2007 17:05:20 +0100, Glenn Steen wrote
> > On 29/01/07, rob <rob at robhq.com> wrote:
> > (snip)
> > >From /etc/MailScanner/MailScanner.conf
> > >
> > >
> > > File Command = /usr/bin/file
> > > Allow Filenames =
> > > Deny Filenames =
> > > Filename Rules = %etc-dir%/filename.rules.conf
> > > Allow Filetypes =
> > > Deny Filetypes =
> > > Filetype Rules = %etc-dir%/filetype.rules.conf
> > >
> > Ok good. Then what does
> > grep -i exe /etc/MailScanner/filename.rules.conf
> > /etc/MailScanner/filetype.rules.conf
> > give? Be as verbose as possible, redirect into a file and attach
> > that... Both files are a bit hysterical about whitespace... They
> > absolutely need have <TAB> as field separator... and I'd like to see
> > if these lines have that (or you could just check it:-). Then again,
> > MailScanner --lint is supposed to catch those:-).
> > But that is the secondary thing... the primary thing to check for here
> > is any "allow" lines that shouldn't be there.
> >
> > Perhaps time to start looking at the messages themselves too, how do
> > you send them? MIME type etc?
> >
> > Cheers
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se
>
I feel stupid. Decided to compare the MailScanner.conf files from home and here at
work. Found this to be off:
Dangerous Content Scanning = no
Changed it to yes and back to normal. Going to find some hole to hide in now. Thanks
for you assitance on this.
More information about the MailScanner
mailing list