Office 2007 is a problem for me.

[Rick Cooper]

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Jethro R Binks
> Sent: Tuesday, March 17, 2009 7:38 PM
> To: MailScanner discussion
> Subject: Re: Office 2007 is a problem for me.
> 
> On Tue, 17 Mar 2009, Zate Berg wrote:
> 
> > MailScanner is working wonderfully, except for Office 2007 
> files.  I 
> > find that a lot of these files contain other blocked file 
> contents, and 
> > are treated just like any other archive.  Has anyone found 
> a way to deal 
> > with these types of files without having to white list 
> extensions that 
> > are known to be bad?  I'd rather not have to allow *.bin , *.wmf or 
> > *.dat files through my mailscanner.
> 
> (Earlier I started a related thread, "Blocking of WMF").
> 
> I have often thought that it would useful for MailScanner to 
> have some 
> context when applying the filename rules, to give some 
> flexibility.  So 
> for example it might permit all or certain .wmf if it knows 
> it has found 
> them while digging around in an Office 2007 zip doc.  Perhaps another 
> field in filename.rules.conf that is a list of context matches 
> ('zip,msofficezip'), with a default of "all contexts".
> 
> Jethro.
> 

If you are saying have different rules for files found in an archive, I
second that. I have been patching MailScanner for years so I can have a
different  (more relaxed) set of file name/type rules for files inside an
archive than those for raw files. For instance blocking executables that
have names matching known malware while allowing all other .exe files inside
an archive. I hate the idea of setting the depth such as files inside
archives are not checked at all.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.