Filename Blocking Issue
Gottschalk, David
dgottsc at emory.edu
Thu Apr 8 14:19:22 IST 2010
Anyone have an answer to this question?
This is a pretty serious problem for me.
Thanks.
David Gottschalk
UTS Email team
david.gottschalk at emory.edu
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Gottschalk, David
Sent: Tuesday, April 06, 2010 4:45 PM
To: MailScanner discussion
Subject: Filename Blocking Issue
I have a strange issue with filenames being blocked that I have disabled.
It appears that double file extensions are being blocked within .zip files, but not if they are not in a zip archive. I've disabled them in the filename.rules.conf with:
# Deny all other double file extensions. This catches any hidden filenames.
#deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension
I changed this to allow, but the same issue occurred. Is this a bug, or am I missing something obvious? I couldn't find anything regarding this issue on the list.
Here is an example of a message being blocked.
Apr 1 15:08:00 [mail.info] o31J7xJu028562: from=<removed>, size=219934, class=0, nrcpts=1, msgid=<removed>, proto=ESMTP, daemon=SMTP_TLSAUTH, relay=removed
Apr 1 15:08:00 MailScanner: [mail.info] Filename Checks: Found possible filename hiding (o31J7xJu028562 rdf.tex.bak)
Apr 1 15:08:01 MailScanner: [mail.notice] Saved infected "rdf.tex.bak" to /mailscanner/MailScanner/quarantine/20100401/o31J7xJu028562
Apr 1 15:08:01 MailScanner: [mail.notice] Saved infected "rdf.zip" to /mailscanner/MailScanner/quarantine/20100401/o31J7xJu028562
Apr 1 15:08:01 MailScanner: [mail.info] Message o31J7xJu028562 from removed (removed) to emory.edu is too big for spam checks (220506 > 150000 bytes)
Thanks for any help that can be provided.
David Gottschalk
UTS Email team
david.gottschalk at emory.edu
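Added example, not part of the original post and not MailScanner's own code: an offline check of which names a rules file flags, applied to an attachment name and to the member names inside a zip, using the double-extension pattern and the rdf.zip / rdf.tex.bak names from the post above. The tab-separated rule layout, first-match-wins order, case-insensitive matching and all function names are assumptions of this simplified model.

```python
import io
import re
import zipfile

def parse_rules(text):
    """Return (action, compiled_regex, log_text) for each active rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out lines define no rule
        fields = re.split(r"\t+", line)  # assumption: fields are tab-separated
        if len(fields) < 3:
            continue
        action, pattern, log_text = fields[0].lower(), fields[1], fields[2]
        rules.append((action, re.compile(pattern, re.IGNORECASE), log_text))
    return rules

def first_match(name, rules):
    """Assumption: the first rule whose regex matches the name decides."""
    for action, regex, log_text in rules:
        if regex.search(name):
            return action, log_text
    return None

def check_attachment(filename, data, rules):
    """Check the attachment name and, for a zip, every member name."""
    names = [filename]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names += zf.namelist()
    return {name: first_match(name, rules) for name in names}

def sample_zip():
    """Constructed sample: a zip holding one member named as in the log."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("rdf.tex.bak", "constructed sample content")
    return buf.getvalue()

# Pattern copied from the post; the rule line around it is constructed.
PATTERN = r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"
ACTIVE = ("deny\t" + PATTERN + "\tFound possible filename hiding"
          "\tAttempt to hide real filename extension\n")
DISABLED = "#" + ACTIVE  # the same rule, commented out as in the post

if __name__ == "__main__":
    for label, text in (("active", ACTIVE), ("commented out", DISABLED)):
        print(label, check_attachment("rdf.zip", sample_zip(), parse_rules(text)))
```

Running the same check against a copy of the rules file the scanner actually loads shows whether any active line in it still matches a given member name.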