more on zero byte exe files

Glenn Steen glenn.steen at gmail.com
Tue Jan 30 16:03:50 CET 2007 

On 30/01/07, Glenn Steen <glenn.steen at gmail.com> wrote:
> On 30/01/07, Jeff A. Earickson <jaearick at colby.edu> wrote:
> > Gang,
> >
> > Since the file is zero bytes, named exe, and does not trigger
> > a sophos/clam virus event, I am having a lot of the following
> > messages outgoing:
> >
> >     From: MailScanner <postmaster at colby.edu>
> >     To: upwcc at wwsolutions.demon.co.uk
> >     Subject: Warning: E-mail viruses detected
> >
> >     Our e-mail content detector has just been triggered by a message you sent:
> >       To: llivshi at colby.edu
> >       Subject: Wine and Roses
> >       Date: Tue Jan 30 09:18:57 2007
> >
> >     One or more of the attachments (Greeting Card.exe) are on
> >     the list of unacceptable attachments for this site and will not have
> >     been delivered.
> >
> >     Consider renaming the files to avoid this constraint.
> >
> >     The virus detector said this about the message:
> >     Report: Report: MailScanner: Executable DOS/Windows programs are dangerous
> >     in email (Greeting Card.exe)
> >
> > which will make me (and MailScanner) *real* popular in the real world.
> > I don't want to remove the exe check in filename.rules.conf, which is
> > the only quick way I can think of to shut up MailScanner.  Help....
> >
> > Jeff Earickson
> > Colby College
> Set
> # *If* "Notify Senders" is set to yes, do you want to notify people
> # who sent you messages containing other blocked content, such as
> # partial messages or messages with external bodies?
> # This can also be the filename of a ruleset.
> Notify Senders Of Other Blocked Content = no
> temporarily.

Wrong quote, sloppy cut'n'paste... Sorry. Meant
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing attachments that are blocked due to
# their filename or file contents?
# This can also be the filename of a ruleset.
Notify Senders Of Blocked Filenames Or Filetypes = yes
... and nothing else.
But Drews/Jasons clever trick seems more workable in the long run, so
... do that instead:-).

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list