Confused about dangerous content scanning setup
Andrew MacLachlan
amaclach at yahoo.co.uk
Thu May 17 01:00:26 IST 2007
In MailScanner.conf:
# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no
I guess for your purposes you would want to create a rule for specific users:
Allow Password-Protected Archives = %rules-dir%/zip.password
zip.password:
To:<tab>user at swatgear.com<tab>no
FromOrTo:<tab>default<tab>yes
-Andy
----- Original Message ----
From: Chris W. Parker <cparker at swatgear.com>
To: MailScanner discussion <mailscanner at lists.mailscanner.info>
Sent: Wednesday, 16 May, 2007 10:45:58 PM
Subject: Confused about dangerous content scanning setup
Hello,
I need to have the ability to exclude users from filetype checks and
content scanning. I'm not sure if that's the right terminology but what
I need is for certain people to have their email scanned for viruses and
spam but NOT filetype or password protected archives.
Specifically, the owner periodically receives password protected zip
files and I want those files to get through without any problems. I've
managed to get MailScanner setup to archive those files (after they've
been stripped) but it's a pain to then manually get them to him.
I thought that the following settings would do the trick but the files
are still being stripped:
# Do you want to scan the messages for potentially dangerous content?
# Setting this to "no" will disable all the content-based checks except
# Virus Scanning, Allow Partial Messages and Allow External Message
Bodies.
# This can also be the filename of a ruleset.
Dangerous Content Scanning = %rules-dir%/scan.dangerous.rules
scan.dangerous.rules:
To:<tab>user at swatgear.com<tab>no
FromOrTo:<tab>default<tab>yes
I looked through my old emails (and tried searching Google) and it seems
that this is the correct setting... but still I have files being
stripped.
Here are some pertinent log file entries:
May 16 14:43:03 filter MailScanner[26763]: Password-protected archive
(launcher_promo.zip) in l4GLgoNV026771
May 16 14:43:25 filter MailScanner[26763]: Saved entire message to
/var/spool/MailScanner/quarantine/20070516/l4GLgoNV026771
May 16 14:43:25 filter MailScanner[26763]: Saved infected
"launcher_promo.zip" to
/var/spool/MailScanner/quarantine/20070516/l4GLgoNV026771
What am I missing?
Thanks,
Chris.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list