EXE Files Slipping Through

Martin.Hepworth martinh at solidstatelogic.com
Sat Aug 23 13:43:45 IST 2008


Mailscanner treats the envelope-to as the recipient as user to run the 'to' rules over. Otherwise if one user has 'yes' and another 'no' which should it obey?

If you're going to get around this you need to split the emails into individual recipients. There's 'how-to's for sendmail, postfix and exim in the wiki.


-----Original Message-----
From: Jon Bates <jon.bates at summitinvestment.com.au>
Sent: Saturday, August 23, 2008 1:31 PM
To: mailscanner at lists.mailscanner.info
Subject: EXE Files Slipping Through

Im hoping someone can help me here.

By using filename and filetype exceptions I've allowed myself to send and
receive .exe files. I've banned this for all other addresses though. The
reason for this is that it catches a huge amount of malware that slips
through Clamav/Sophos - at the moment its hundreds of "Fedex tracking
number" emails with a zipped exe attachment that aren't being detected!

My problem is when malware emails arrive which are addressed to me AS WELL
as other people - This means the infected email is actually delivered to the
other people on the email! Is this normal behaviour? I'm smart enough not to
open these emails, but other people are not!

Is there any way to stop this behaviour without me losing my ability to
send/receive EXE files?


MailScanner mailing list
mailscanner at lists.mailscanner.info

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom

More information about the MailScanner mailing list