more on zero byte exe files
Anthony Peacock
a.peacock at chime.ucl.ac.uk
Tue Jan 30 16:28:46 CET 2007
Hi Julian,
Julian Field wrote:
>
>
> Glenn Steen wrote:
>> On 30/01/07, Glenn Steen <glenn.steen at gmail.com> wrote:
>>> On 30/01/07, Jeff A. Earickson <jaearick at colby.edu> wrote:
>>> > Gang,
>>> >
>>> > Since the file is zero bytes, named exe, and does not trigger
>>> > a sophos/clam virus event, I am having a lot of the following
>>> > messages outgoing:
>>> >
>>> > From: MailScanner <postmaster at colby.edu>
>>> > To: upwcc at wwsolutions.demon.co.uk
>>> > Subject: Warning: E-mail viruses detected
>>> >
>>> > Our e-mail content detector has just been triggered by a
>>> message you sent:
>>> > To: llivshi at colby.edu
>>> > Subject: Wine and Roses
>>> > Date: Tue Jan 30 09:18:57 2007
>>> >
>>> > One or more of the attachments (Greeting Card.exe) are on
>>> > the list of unacceptable attachments for this site and will not
>>> have
>>> > been delivered.
>>> >
>>> > Consider renaming the files to avoid this constraint.
>>> >
>>> > The virus detector said this about the message:
>>> > Report: Report: MailScanner: Executable DOS/Windows programs
>>> are dangerous
>>> > in email (Greeting Card.exe)
>>> >
>>> > which will make me (and MailScanner) *real* popular in the real world.
>>> > I don't want to remove the exe check in filename.rules.conf, which is
>>> > the only quick way I can think of to shut up MailScanner. Help....
>>> >
>>> > Jeff Earickson
>>> > Colby College
>>> Set
>>> # *If* "Notify Senders" is set to yes, do you want to notify people
>>> # who sent you messages containing other blocked content, such as
>>> # partial messages or messages with external bodies?
>>> # This can also be the filename of a ruleset.
>>> Notify Senders Of Other Blocked Content = no
>>> temporarily.
>>
>> Wrong quote, sloppy cut'n'paste... Sorry. Meant
>> # *If* "Notify Senders" is set to yes, do you want to notify people
>> # who sent you messages containing attachments that are blocked due to
>> # their filename or file contents?
>> # This can also be the filename of a ruleset.
>> Notify Senders Of Blocked Filenames Or Filetypes = yes
>> ... and nothing else.
>> But Drews/Jasons clever trick seems more workable in the long run, so
>> ... do that instead:-).
>>
>
> What would be your best long-term solution to this problem?
> Perhaps a "Notify Senders Of Bad Sized Attachments = yes/no"
> ?
> Or have you a better idea? It needs to be very simple to write at this
> point in time.
Well in my case these messages do not seem to be triggering the small
attachment rule, they are all being caught by filename rules.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
More information about the MailScanner
mailing list