Confused about dangerous content scanning setup
Alex Neuman van der Hans
alex at nkpanama.com
Thu May 17 05:05:19 IST 2007
Remember to add ".rules" to the filename at the end, otherwise it doesn't
necessarily know it's a ruleset...
On Thu, 17 May 2007 00:00:26 +0000 (GMT), Andrew MacLachlan
<amaclach at yahoo.co.uk> wrote:
> In MailScanner.conf:
>
> # Should archives which contain any password-protected files be allowed?
> # Leaving this set to "no" is a good way of protecting against all the
> # protected zip files used by viruses at the moment.
> # This can also be the filename of a ruleset.
> Allow Password-Protected Archives = no
>
> I guess for your purposes you would want to create a rule for specific
> users:
>
> Allow Password-Protected Archives = %rules-dir%/zip.password
>
> zip.password:
> To:<tab>user at swatgear.com<tab>no
> FromOrTo:<tab>default<tab>yes
>
> -Andy
>
> ----- Original Message ----
> From: Chris W. Parker <cparker at swatgear.com>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Sent: Wednesday, 16 May, 2007 10:45:58 PM
> Subject: Confused about dangerous content scanning setup
>
> Hello,
>
> I need to have the ability to exclude users from filetype checks and
> content scanning. I'm not sure if that's the right terminology but what
> I need is for certain people to have their email scanned for viruses and
> spam but NOT filetype or password protected archives.
>
> Specifically, the owner periodically receives password protected zip
> files and I want those files to get through without any problems. I've
> managed to get MailScanner setup to archive those files (after they've
> been stripped) but it's a pain to then manually get them to him.
>
> I thought that the following settings would do the trick but the files
> are still being stripped:
>
> # Do you want to scan the messages for potentially dangerous content?
> # Setting this to "no" will disable all the content-based checks except
> # Virus Scanning, Allow Partial Messages and Allow External Message
> Bodies.
> # This can also be the filename of a ruleset.
> Dangerous Content Scanning = %rules-dir%/scan.dangerous.rules
>
> scan.dangerous.rules:
>
> To:<tab>user at swatgear.com<tab>no
> FromOrTo:<tab>default<tab>yes
>
>
> I looked through my old emails (and tried searching Google) and it seems
> that this is the correct setting... but still I have files being
> stripped.
>
> Here are some pertinent log file entries:
>
> May 16 14:43:03 filter MailScanner[26763]: Password-protected archive
> (launcher_promo.zip) in l4GLgoNV026771
> May 16 14:43:25 filter MailScanner[26763]: Saved entire message to
> /var/spool/MailScanner/quarantine/20070516/l4GLgoNV026771
> May 16 14:43:25 filter MailScanner[26763]: Saved infected
> "launcher_promo.zip" to
> /var/spool/MailScanner/quarantine/20070516/l4GLgoNV026771
>
>
> What am I missing?
>
>
> Thanks,
> Chris.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
---
Alex Neuman van der Hans,
N&K Technology Consultants
More information about the MailScanner
mailing list