Files being blocked despite configuration changes

Glenn Steen glenn.steen at gmail.com
Wed Jul 8 00:06:57 IST 2009


2009/7/6 Kaplan, Andrew H. <AHKAPLAN at partners.org>:
> Hi there --
>
> Thanks for your reply, and my apologies for not getting back to you sooner. I was
> on vacation last week. I had a question on how would I go about implementing
Hi Andrew,

I'm on a rather less than relaxing vacation myself (helping a relative
repanel & paint a rather huge economy building (double garage, old
carpentry shop (kind of late 19th century design), wood shed, etc
etc... The darned thing measures about 25x8 meters and is about 10 m
high)), so ... I'll try to shift from hammers and nails to MS:-)

> your
> suggested "file -i" method. Would it be simply a matter of adding an argument
> to the /etc/init.d/MailScanner and/or /etc/sysconfig/MailScanner files, or is
> there another suggested method?

All you should need to do, IIRC, is to change the File Command setting in
MailScanner.conf, and perhaps look at/amend a few things in the
filetype.rules conf file (don't remember exactly). Some find that the
shift to mimetype detection becomes a bit too permissive (letting some
executables past...), so you should test it as thoroughly as possible.
Rather recently some kind soul posted a diff, to this list, for
removing the troublesome one-byte magics... That you might be able to
use, instead of switching to file -i.

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
> Sent: Saturday, June 27, 2009 6:54 PM
> To: MailScanner discussion
> Subject: Re: Files being blocked despite configuration changes
>
> 2009/6/26 Kaplan, Andrew H. <AHKAPLAN at partners.org>:
>>
>> Hi there --
>>
>> I received a request to have .dat files be allowed through our mail server.
>> Files of this type
>> were normally sent to quarantine with an e-mail notification report stating
>> the following:
>>
>> Report: MailScanner: No programs allowed (set.dat)
>> Report: MailScanner: No programs allowed (set.dat)
>>
>> I reconfigured the filename.rules.conf and filetype.rules.conf files to
>> allow the above file
>> types to pass through without problem. Listed below are the syntaxes from
>> each of the
>> configuration files:
>>
>> filename.rules.conf
>> # Physics has requested that files of this type be allowed...
>> allow   \.dat$
>>
>> filetype.rules.conf
>> allow   dat             -                       Physics requested these be
>> allowed
>>
>> Once these changes were made, MailScanner along with the mailserver,
>> Sendmail, were
>> restarted via the /etc/init.d/MailScanner script. There were no failed
>> messages appearing
>> on-screen when this occurred.
>>
>> The problem is the following: even though the files in question have been
>> configured to
>> be allowed, they are still being blocked and sent to quarantine. The version
>> of MailScanner
>> is 4.72.5 while that of Sendmail is 8.14.1.
>>
>> What other steps and/or
>> corrections do I need to make in order to fix this? Thanks.
>>
> The file command doesn't know what "dat" is... It finds the "magic"
> strings/bytes that identify it as some type of executable (just run
> file on the quarantined file, if you store them, and you'll see). This
> might be due to the file actually being an executable, or accidentally
> triggering one of the more optimistic one-byte-magics ... in which
> case you either face editing/recompiling your magic file, or switching
> to "file -i" for file type purposes. The latter might be best.
>
> Cheers

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
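
An added example, not part of the original post and not MailScanner's own code: a simplified Python model of filetype rule matching, showing why the `allow dat` rule never fires against `file` output and why rules written for descriptive `file` output need amending after a switch to `file -i`. It assumes tab-separated fields, first-match-wins evaluation against the `file` output, and allow when nothing matches; the deny rule and all sample `file` outputs are constructed.

```python
import re

# Constructed rule set in the filetype.rules.conf layout quoted in the thread.
# Assumed fields (tab-separated): action, regex, log text, user report text.
# Only the "allow dat" line comes from the thread; the deny line is constructed.
RULES_TEXT = (
    "allow\tdat\t-\tPhysics requested these be allowed\n"
    "deny\texecutable\tNo executables\tNo programs allowed\n"
)

def parse_rules(text):
    """Return (action, compiled_regex, report) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) < 4:
            raise ValueError(f"expected 4 tab-separated fields: {line!r}")
        action, pattern, _log, report = fields[:4]
        rules.append((action.lower(), re.compile(pattern, re.I), report))
    return rules

def decide(file_output, rules):
    """Model assumption: the first rule whose regex matches the file(1) output
    wins; if no rule matches, the attachment is allowed."""
    for action, regex, report in rules:
        if regex.search(file_output):
            return action, report
    return "allow", "no rule matched"

# Constructed sample outputs (not captured from a real system).
SAMPLES = {
    "set.dat, one-byte magic hit, plain file": "DOS executable (COM)",
    "set.dat, file -i": "application/octet-stream; charset=binary",
    "real PE binary, plain file": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "real PE binary, file -i": "application/x-dosexec; charset=binary",
}

def evaluate_samples():
    """Verdict per sample: the regex sees file(1) output, never the filename."""
    rules = parse_rules(RULES_TEXT)
    return {name: decide(out, rules)[0] for name, out in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{verdict:5}  {name}")
```

In this model the MIME output clears the false positive on set.dat, but the PE sample also passes because "executable" does not occur in its MIME string, so the deny patterns have to be rewritten for MIME types and retested.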

