Files being blocked despite configuration changes

Julian Field MailScanner at ecs.soton.ac.uk
Wed Jul 8 09:00:05 IST 2009 


On 08/07/2009 00:06, Glenn Steen wrote:
> 2009/7/6 Kaplan, Andrew H.<AHKAPLAN at partners.org>:
>    
>> Hi there --
>>
>> Thanks for your reply, and my apologies for not getting back you sooner. I was
>> on vacation last week. I had a question on how would I go about implementing
>>      
> Hi Andrew,
>
> I'm on a rather less that relaxing vacation myself (helping a relative
> repanel&paint a rather huge economy building (double garage, old
> carpentry shop (kind of late 19-th centuy design), wood shed, etc
> etc... The darned thing measures about 25x8 meters and is about 10 m
> high)), so ... I'll try shift from hammers and nails to MS:-)
>
>    
>> your
>> suggested "file -i" method. Would it be simply a matter of adding an argument
>> to the /etc/init.d/MailScanner and/or /etc/sysconfig/MailScanner files, or is
>> there another suggested method?
>>      
> All you should need do, IIRC is to change the File Command setting in
> MailScanner.conf, and perhaps look at/amend a few things in the
> filetype.rules conf file (don't remember exactly). Some find that the
> shift to mimetype detection become a bit too permissive (letting some
> executables past...), so you should test it as thoroughly as possible.
> Rather recently some kind soul posted a diff, to this list, for
> removing the troublesome one-byte magics... That you might be able to
> use, instead of switching to file -i.
>    
You shouldn't have to edit anything except filetype.rules.conf, MIME 
type detection is already built into that, just read the comments at the 
top of that file.
>    
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
>> Sent: Saturday, June 27, 2009 6:54 PM
>> To: MailScanner discussion
>> Subject: Re: Files being blocked despite configuration changes
>>
>> 2009/6/26 Kaplan, Andrew H.<AHKAPLAN at partners.org>:
>>      
>>> Hi there --
>>>
>>> I received a request to have .dat files be allowed through our mail server.
>>> Files of this type
>>> were normally sent to quarantine with an e-mail notification report stating
>>> the following:
>>>
>>> Report: MailScanner: No programs allowed (set.dat)
>>> Report: MailScanner: No programs allowed (set.dat)
>>>
>>> I reconfigured the filename.rules.conf and filetype.rules.conf files to
>>> allow the above file
>>> types to pass through without problem. Listed below are the syntaxes from
>>> each of the
>>> configuration files:
>>>
>>> filename.rules.conf
>>> # Physics has requested that files of this type be allowed...
>>> allow   \.dat$
>>>
>>> filetype.rules.conf
>>> allow   dat             -                       Physics requested these be
>>> allowed
>>>
>>> Once these changes were made, MailScanner along with the mailserver,
>>> Sendmail, were
>>> restarted via the /etc/init.d/MailScanner script. There were no failed
>>> messages appearing
>>> on-screen when this occurred.
>>>
>>> The problem is the following: even though the files in question have been
>>> configured to
>>> be allowed, they are still being blocked and sent to quarantine. The version
>>> of MailScanner
>>> is 4.72.5 while that of Sendmail is 8.14.1.
>>>
>>> What other steps and/or
>>> corrections do I need to make in order to fix this? Thanks.
>>>
>>>        
>> The file command doesn't know what "dat" is... It finds the "magic"
>> strings/bytes that identify it as some type of executable (just run
>> file on the quarantined file, if you store them, and you'll see). This
>> might be due to the file actually being an executable, or accidentally
>> triggering one of the more optimistic one-byte-magics ... in which
>> case you either face editing/recompiling your magic file, or switching
>> to "file -i" for file type purposes. The latter might be best.
>>
>> Cheers
>>      
> Cheers
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list