File name/type actions?

Greg Borders gborders at balanceconsult.com
Tue Jan 22 21:42:18 GMT 2008 

>
> Greg Borders wrote:
>   
>> Greetings fellow MailScanners!  I've got an interesting question that 
>> was brought
>> to my attention by a user.  They recently had a file attachment that 
>> triggered
>> one of the file type rules. (filename.rules.conf) And it was of course 
>> sent to the quarantine.
>>
>> In general, TheCompany doesn't want to block files,
>> they want a notification that it triggered a rule, and still deliver it,
>> just like the system can do for spam:
>>
>>
>> Use SpamAssassin = yes
>> #
>> # What to do with spam
>> # --------------------
>> #    notify                  - Send the recipients a short notification
>> Spam Actions = store deliver header "X-Spam-Status: Yes"
>>
>>
>> Would it be possible to emulate this same action on the other set of 
>> filters/checks?
>> (Namely the file  name/type checks in this case.)
>> Correct me if I'm wrong, but I think the file name/type checks are 
>> governed by
>> the dangerous content setting:
>>
>> #
>> # Removing/Logging dangerous or potentially offensive content
>> # -----------------------------------------------------------
>> #
>>
>> # Do you want to scan the messages for potentially dangerous content?
>> # Setting this to "no" will disable all the content-based checks except
>> # Virus Scanning, Allow Partial Messages and Allow External Message 
>> Bodies.
>> # This can also be the filename of a ruleset.
>> Dangerous Content Scanning = yes
>>
>>
>>
>> It would be nice to have a simple add-on such as a new directive:
>>
>> Dangerous Content Actions = store notify deliver
>>
>> Thus emulate the same logic as the Spam Actions, but I know how Jules
>> hates to add more to the conf file than necessary.
>>
>> Perhaps adding in a ruleset that points to a custom function is an 
>> option?
>>
>> Thanks in advance for your advice.
>>
>> Greg. Borders
>>
>>
>>
>>     
> Julian Field wrote:
>   
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Would you want a separate email, or a message prepended to the start of 
>> the email containing the problem attachment? The latter, I suspect.
>>
>> Unfortunately, this really isn't at all easy to do. I doubt I can do it, 
>> but I will take a look even so.
>>
>> Best regards,
>> Jules.
Thanks for the look Julian!  You would be correct on the assumption of a 
prepended message, exactly like the spam notify action.

I can understand the added complexity of having to deal with an 
attachment as well as the message itself.

I'm not familiar enough with the innerworkings of MailScanner to be able 
to suggest any GoodIdeas beyond the general flow. But here goes my best 
guestimate:
Thinking through the flow for the program, following the logic from the 
documentation, the file type/name check happens all before the spam and 
virus checking.
Tagging the header would have to come after that, probably at the time 
the signature and spam headers would be added.
The crux is what kind of state is the message in in the interim?
I vaguely recall that you have a "copy" in a temp location that gets the 
tests ran on it. If that "test copy" is still encoded in mime, it might 
not be too bad to deal with.
Then the question of at what point do you check the store / notify / 
deliver options the user has selected?  And what do we do for each choice.
For the store action, tossing it into the quarantine as normal would be 
fine.
For the delete action, /dev/null the beast! (evil bunny grin.)
It gets tricky for the deliver and notify. 
If you do both,  it would need the header added (or flag set to add 
later) and then send on to next test, or on out to the MTA.
Deliver alone would be the same as not doing the the file check in the 
first place.
Notify alone. Send just email with header? Send special notify message only?

UGH! Plenty of scenarios to try to work through.

Feel free to call on my assistance, I'll try to help as best I can.

Sincerely,

Greg. Borders

--

This email message and any document accompanying it may contain information intended only for the person(s) named.  Any use, distribution, copying or disclosure by another person is strictly prohibited. 
NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION:
DISCLOSURE UNDER TREASURY CIRCULAR 230:
Any tax advice included in this written or electronic communication was not intended or written to be used, and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer by any governmental taxing authority or agency.  This written or electronic communication does not represent legal advice. Persons in need of a legal opinion should seek competent counsel.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080122/d104c854/attachment.html

More information about the MailScanner mailing list