Filename Blocking Issue

Ken A ka at pacific.net
Tue Apr 13 20:34:00 IST 2010


See the changelog for version 4.76
Ken


On 4/13/2010 1:42 PM, Gottschalk, David wrote:
> Anyone? I hate to keep spamming the list, but I really could use some
> assistance with this.
>
> Thanks.
>
> David Gottschalk UTS Messaging Team david.gottschalk at emory.edu
>
>
> -----Original Message----- From:
> mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> Gottschalk, David Sent: Thursday, April 08, 2010 9:19 AM To:
> MailScanner discussion Subject: RE: Filename Blocking Issue
>
> Anyone have a answer to this question?
>
> This is a pretty serious problem for me.
>
> Thanks.
>
> David Gottschalk UTS Email team david.gottschalk at emory.edu
>
>
> -----Original Message----- From:
> mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> Gottschalk, David Sent: Tuesday, April 06, 2010 4:45 PM To:
> MailScanner discussion Subject: Filename Blocking Issue
>
> I have a strange issue with filenames being blocked that I have
> disabled.
>
> It appears that double file extensions are being blocked within .zip
> files, but not if they are not in a zip archive. I've disabled them
> in the filename.rules.conf with:
>
> # Deny all other double file extensions. This catches any hidden
> filenames. #deny   \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found
> possible filename hiding                          Attempt to hide
> real filename extension
>
> I changed this to allow, but the same issue occurred. Is this a bug,
> or am I missing something obvious? I couldn't find anything regarding
> this issue on the list.
>
> Here is a example of a message being blocked.
>
> Apr  1 15:08:00 [mail.info] o31J7xJu028562: from=<removed>,
> size=219934, class=0, nrcpts=1, msgid=<removed>, proto=ESMTP,
> daemon=SMTP_TLSAUTH, relay=removed Apr  1 15:08:00 MailScanner:
> [mail.info] Filename Checks: Found possible filename hiding
> (o31J7xJu028562 rdf.tex.bak) Apr  1 15:08:01 MailScanner:
> [mail.notice] Saved infected "rdf.tex.bak" to
> /mailscanner/MailScanner/quarantine/20100401/o31J7xJu028562 Apr  1
> 15:08:01 MailScanner: [mail.notice] Saved infected "rdf.zip" to
> /mailscanner/MailScanner/quarantine/20100401/o31J7xJu028562 Apr  1
> 15:08:01 MailScanner: [mail.info] Message o31J7xJu028562 from removed
> (removed) to emory.edu is too big for spam checks (220506>  150000
> bytes)
>
> Thanks for any help that can be provided.
>
> David Gottschalk UTS Email team david.gottschalk at emory.edu
>
>
>
> This e-mail message (including any attachments) is for the sole use
> of the intended recipient(s) and may contain confidential and
> privileged information.  If the reader of this message is not the
> intended recipient, you are hereby notified that any dissemination,
> distribution or copying of this message (including any attachments)
> is strictly prohibited.
>
> If you have received this message in error, please contact the sender
> by reply e-mail message and destroy all copies of the original
> message (including attachments).

-- 
Ken Anderson
Pacific Internet - http://www.pacific.net


More information about the MailScanner mailing list