Mailscanner 4.79-11-1 for CentOS (5.5 x64) ignoring filename
rules?
Jules Field
MailScanner at ecs.soton.ac.uk
Thu Aug 5 19:33:19 IST 2010
On 05/08/2010 19:26, Alex Crow wrote:
> On 05/08/10 19:06, Jules Field wrote:
>> That is entirely as expected, due to the rule
>>
>> # Allow repeated file extension, e.g. blah.zip.zip
>> allow (\.[a-z0-9]{3})\1$ - -
>>
>> which appears before the double-extension-check rule, as it causes it
>> to allow files where people have accidentally doubled up the same
>> extension.
>>
>> Jules.
>>
> Dear Jules,
>
> The trouble is, I also had this with a test such as "<some random ssl
> cert>.crt.txt", which is certainly not repeated.
Yes, but .txt is probably allowed by a rule further up in the table.
> In fact, I've tried so many combinations and none of them have ever
> been flagged (unless they've had exe or dll or the like in there
> somewhere, when they don't trigger on the multiple extension but
> instead on executable content.)
>
> I will try disabling the "repeat" rule and see what happens anyway.
Give that a try. If you still can't get "foobar.abc.abc" stopped, then
give me a shout and I'll take a look.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list