Files being blocked despite configuration changes
Kaplan, Andrew H.
AHKAPLAN at PARTNERS.ORG
Mon Jul 6 13:48:31 IST 2009
Hi there --
Thanks for your reply, and my apologies for not getting back you sooner. I was
on vacation last week. I had a question on how would I go about implementing
your
suggested "file -i" method. Would it be simply a matter of adding an argument
to the /etc/init.d/MailScanner and/or /etc/sysconfig/MailScanner files, or is
there another suggested method?
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: Saturday, June 27, 2009 6:54 PM
To: MailScanner discussion
Subject: Re: Files being blocked despite configuration changes
2009/6/26 Kaplan, Andrew H. <AHKAPLAN at partners.org>:
>
> Hi there --
>
> I received a request to have .dat files be allowed through our mail server.
> Files of this type
> were normally sent to quarantine with an e-mail notification report stating
> the following:
>
> Report: MailScanner: No programs allowed (set.dat)
> Report: MailScanner: No programs allowed (set.dat)
>
> I reconfigured the filename.rules.conf and filetype.rules.conf files to
> allow the above file
> types to pass through without problem. Listed below are the syntaxes from
> each of the
> configuration files:
>
> filename.rules.conf
> # Physics has requested that files of this type be allowed...
> allow \.dat$
>
> filetype.rules.conf
> allow dat - Physics requested these be
> allowed
>
> Once these changes were made, MailScanner along with the mailserver,
> Sendmail, were
> restarted via the /etc/init.d/MailScanner script. There were no failed
> messages appearing
> on-screen when this occurred.
>
> The problem is the following: even though the files in question have been
> configured to
> be allowed, they are still being blocked and sent to quarantine. The version
> of MailScanner
> is 4.72.5 while that of Sendmail is 8.14.1.
>
> What other steps and/or
> corrections do I need to make in order to fix this? Thanks.
>
The file command doesn't know what "dat" is... It finds the "magic"
strings/bytes that identify it as some type of executable (just run
file on the quarantined file, if you store them, and you'll see). This
might be due to the file actually being an executable, or accidentally
triggering one of the more optimistic one-byte-magics ... in which
case you either face editing/recompiling your magic file, or switching
to "file -i" for file type purposes. The latter might be best.
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
More information about the MailScanner
mailing list