False Positive, How do I resolve this?

Steve Campbell campbell at cnpapers.com
Fri Apr 4 19:14:09 IST 2008



Julian Field wrote:
> Or add an 'allow' rule to filename.rules.conf that allows everything 
> ending in \.htm$
>
> Rose, Bobby wrote:
>   
>> Zip or rename the files without all those periods. 
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Vernon
>> Webb
>> Sent: Friday, April 04, 2008 11:25 AM
>> To: 'MailScanner discussion'
>> Subject: False Positive, How do I resolve this?
>>
>> I have a client who sends email attachments in a zip file. The files (as
>> you can see below) are named the way the client needs them to be. How do
>> I get around this?
>>
>> The virus detector said this about the message:
>> Report: Report: MailScanner: Found possible filename hiding
>> (Supervisor.Sales.Rep.htm)
>> Report: MailScanner: Found possible filename hiding
>> (Director.of.Mktg.Corp.Sales.Mgr.Recruiting.Mgr.htm)
>> Report: MailScanner: Found possible filename hiding (Sales.Call.Cen.htm)
>> Report: MailScanner: Found possible filename hiding
>> (Medical.Sales.Rep.htm)
>> Report: MailScanner: Found possible filename hiding
>> (Sales.agent.Customer.service.Adm.htm)
>> Report: MailScanner: Found possible filename hiding (E.5.Sgt.htm)
>> Report: MailScanner: Found possible filename hiding (Successful.and.htm)
>> Report: MailScanner: Found possible filename hiding (Focused.on.Res.htm)
>> Report: MailScanner: Found possible filename hiding (Area.Sales.Mgr.htm)
>> Report: MailScanner: Found possible filename hiding (Operations.Man.htm)
>> Report: MailScanner: Found possible filename hiding (SALES.REP.htm)
>> Report: MailScanner: Found possible filename hiding (sales.man.htm)
>> Report: MailScanner: Found possible filename hiding (insurancec.rep.htm)
>> Report: MailScanner: Found possible filename hiding
>> (Senior.Sales.Rep.htm)
>>
>
> Jules
>
> - -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>

Not really being much help here, but wasn't the underlying reason for 
this rule fixed by Microsoft in Outlook & Outlook Express ages ago and 
couldn't the rule that it's tripping over just be deleted? If I am 
recalling correctly, then, I would find it really strange to still have 
one of those versions of O or OE still around. I could be wrong though. 
Since this is such a specific sender with special requirements for file 
naming, and I am wrong about the M$ fix, I would think a ruleset would 
work for a solution (if rulesets can be used for the parm).

Steve Campbell
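
Added example, not part of the original thread: a small Python model of the first-match evaluation that filename.rules.conf uses, showing what the suggested `allow` rule for `\.htm$` changes when it is placed ahead of the rule that produced "Found possible filename hiding". The deny pattern and case-insensitive matching are assumptions modelled on the stock double-extension rule, and `invoice.pdf.exe` and `report.exe.htm` are constructed sample names.

```python
import re

# Constructed rule lines: tab-separated action, regex, log text, user report.
# Assumption: the deny pattern mirrors the stock double-extension rule; compare
# it with the rule in your own filename.rules.conf before relying on it.
DENY_HIDING = "\t".join([
    "deny", r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$",
    "Found possible filename hiding", "Attempt to hide real filename extension",
])
ALLOW_HTM = "\t".join(["allow", r"\.htm$", "-", "-"])

RULES_BEFORE = DENY_HIDING + "\n"
RULES_AFTER = ALLOW_HTM + "\n" + DENY_HIDING + "\n"   # allow must come first


def parse_rules(text):
    """Parse rule lines into (action, compiled regex, log text) tuples."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = re.split(r"\t+", line.strip())
        if len(fields) < 4:
            raise ValueError("rule needs 4 tab-separated fields: %r" % line)
        action, pattern, log_text = fields[0].lower(), fields[1], fields[2]
        rules.append((action, re.compile(pattern, re.IGNORECASE), log_text))
    return rules


def check(filename, rules):
    """First matching rule wins; a name matching no rule is allowed."""
    for action, regex, log_text in rules:
        if regex.search(filename):
            return action, log_text
    return "allow", "no rule matched"


if __name__ == "__main__":
    names = ["Supervisor.Sales.Rep.htm", "E.5.Sgt.htm", "SALES.REP.htm",
             "invoice.pdf.exe", "report.exe.htm"]
    for label, text in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        rules = parse_rules(text)
        for name in names:
            print(label, name, *check(name, rules))
```

The last sample name shows the trade-off: once the `allow` rule is first, every name ending in `.htm` skips all later deny rules, so a ruleset scoped to the one sender (as suggested above) keeps the exemption narrower.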
