Filename rule question

Marco Induni minduni at ti-edu.ch
Wed Jul 4 08:31:34 IST 2007 

Glenn Steen wrote:
> On 03/07/07, Marco Induni <minduni at ti-edu.ch> wrote:
>> Hi All,
>> I try to deny some email attachments based just on the filename.
>> So I setup the following test rule to deny all attachment for email
>> sended to me at pluto.com (obviously just a real address)
>>
>> - in /etc/MailScanner/Mailscanner.conf
>> -- Filename Rules = %rules-dir%/filename-rules.rules
>>
>> - in /etc/MailScanner/rules/filename-rules.rules
>> -- To: me at pluto.com           /etc/MailScanner/filename-alldeny.conf
>> -- FromOrTo: default
>> /etc/MailScanner/filename-nocheck.rules.conf
>>
>> - in /etc/MailScanner/filename-alldeny.conf
>> -- deny    .*      -            -
>>
>> - in /etc/MailScanner/filename-nocheck.rules.conf
>> -- allow    .*      -           -
>>
>>
>> So I expect that any attachment will be denied, but is not true.
>> It seems that everything is passing through, and the rule is not
>> matching anything.
>> I've done MailScanner --lint and no syntax error appear.
>> I've also tried the standard rules enclosed (deny .exe .reg,...), but
>> didn't work.
> 
> When  troubleshooting things like these, always doublecheck your
> assumptions with MailScanner itself... Try "MailScanner --help" to see
> the possible things you can do ... apart from the well-known --debug
> and --lint (start by doing a lint... it'll show you any bad syntax
> errors), you can also try any setting with any sender/receiver .... In
> your case you'd test
> MailScanner --value=filenamerules --from=anyone at example.net 
> --to=me at pluto.com
> and perhaps some variations ... Replace with addresses valid to your 
> situation.
> 
Glenn,
thanks for the suggestions. I've verified with Mailscanner 
--value=filenamerules and the various address to be sure that the result 
  point to the rule that deny the attachment(see below)

Looked up internal option name "filenamerules"
With sender = root at xxx
   recipient = xxx at xx
Client IP =
Virus =
Result is "/etc/MailScanner/filename-alldeny.conf"


But unfortunately the attachment are still allowed
I've double checked to see if I've placed space instead of TAB on the 
rule, but all seems ok.

Also the MailScanner --lint don't get any syntax error.

Actually I've tested on MailScanner 4.58.9 and 4.61.7 with the same result.

On the /etc/MailScanner/filename-alldeny.conf there is just
deny	.*	-	-

and in MailScanner.conf

Allow Filenames =
Deny Filenames =
Filename Rules = %rules-dir%/filename-rules.rules


No idea :-(

Thanks
marco


>> Question, for the filename rule to work, should I always setup also the
>> filetype rule ?
> 
> Almost always a good thing to do, yes. Check those with the same
> strategy/commands.
> 
> 
>> Any other ideas ?
>> Where I'm wrong ?
> 
> Probably a typo. Might be related to those files needing to be <TAB>
> separated...
> 
> Cheers


-- 
Marco Induni
Universita` della Svizzera italiana
Servizi informatici / TI-EDU
Galleria 2
CH-6928 Manno (Switzerland)
E-mail: minduni at ti-edu.ch
Tel: +41 58 666 6656
Fax: +41 58 666 6650

More information about the MailScanner mailing list