Filetype Checks: No executables on Japanese Emails

Alex Broens ms-list at alexb.ch
Thu Jun 3 15:18:10 IST 2010


On 2010-06-03 16:08, Peter Ong wrote:
> Here's what I did... (these are tab separated, btw)
> 
> allow   -       text    -       -
> allow   -       text/x-mail     -       -
> allow   -       text/plain      -       -
> allow   -       message/rfc822  -       -
> 
> Here's what the configuration shows:
> [root at gateway005.inf MailScanner]# grep bin\/file MailScanner.conf
> File Command = /usr/bin/file
> 
> Furthermore,
> 
> [root at gateway005.inf ~]# service MailScanner reload
> Reloading MailScanner workers:
>          MailScanner:                                      [  OK  ]
>     Outgoing postfix:                                      [  OK  ]
> 
> But just to get really serious,
> 
> [root at gateway005.inf ~]# service MailScanner restart
> Shutting down MailScanner daemons:
>          MailScanner:                                      [  OK  ]
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
> Waiting for MailScanner to die gracefully ....5....0....5....0 dead.
> Starting MailScanner daemons:
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
>          MailScanner:
> 
>                                                            [  OK  ]
> 
> Let me show you the message I'm about to release:
> [root at gateway005.inf 490DC57284.A9461]# file -i msg-596-5.txt
> msg-596-5.txt: text/x-mail; charset=utf-8
> 
> So now I'm releasing it:
> [root at gateway005.inf 490DC57284.A9461]# sendmail -t -i < message
> 
> After releasing it, I get this in the logs:
> [root at gateway005.inf 55E5157282.A9520]# grep 55E5157282.A9520 /var/log/maillog
> Jun  3 06:57:48 gateway005 MailScanner[15406]: Filetype Checks: No executables (55E5157282.A9520 msg-15406-4.txt)
> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved entire message to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved infected "msg-15406-4.txt" to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> Jun  3 06:57:49 gateway005 MailScanner[15406]: Requeue: 55E5157282.A9520 to 964B157280
> 
> I go into the /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520 and do this:
> [root at gateway005.inf 55E5157282.A9520]# pwd
> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> [root at gateway005.inf 55E5157282.A9520]# file -i msg-15406-4.txt
> msg-15406-4.txt: text/x-mail; charset=utf-8
> 
> That's the same message.
> b1beb5fc88372863f249d91a717bb9ee  msg-596-5.txt
> b1beb5fc88372863f249d91a717bb9ee  msg-15406-4.txt
> 
> It appears that they are getting caught by the line:
> deny    executable      No executables          No programs allowed
> 
> What do I do? I need your help. Thank you.

Tried this?

Revert all filetype rules to default, then use this in MailScanner.conf:

File Command = /usr/bin/file -i

This works for my Chinese/Japanese/Korean/Russian users.

Alex