Filetype Checks: No executables on Japanese Emails

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jun 3 17:12:43 IST 2010



On 03/06/2010 15:18, Alex Broens wrote:
> On 2010-06-03 16:08, Peter Ong wrote:
>> Here's what I did... (these are tab separated, btw)
>>
>> allow   -       text    -       -
>> allow   -       text/x-mail     -       -
>> allow   -       text/plain      -       -
>> allow   -       message/rfc822  -       -
>>
>> Here's what the configuration shows:
>> [root at gateway005.inf MailScanner]# grep bin\/file MailScanner.conf
>> File Command = /usr/bin/file
>>
>> Furthermore,
>>
>> [root at gateway005.inf ~]# service MailScanner reload
>> Reloading MailScanner workers:
>>          MailScanner:                                      [  OK  ]
>>     Outgoing postfix:                                      [  OK  ]
>>
>> But just to get really serious,
>>
>> [root at gateway005.inf ~]# service MailScanner restart
>> Shutting down MailScanner daemons:
>>          MailScanner:                                      [  OK  ]
>>          incoming postfix:                                 [  OK  ]
>>          outgoing postfix:                                 [  OK  ]
>> Waiting for MailScanner to die gracefully ....5....0....5....0 dead.
>> Starting MailScanner daemons:
>>          incoming postfix:                                 [  OK  ]
>>          outgoing postfix:                                 [  OK  ]
>>          MailScanner:
>>
>>                                                            [  OK  ]
>>
>> Let me show you the message I'm about to release:
>> [root at gateway005.inf 490DC57284.A9461]# file -i msg-596-5.txt
>> msg-596-5.txt: text/x-mail; charset=utf-8
>>
>> So now I'm releasing it:
>> [root at gateway005.inf 490DC57284.A9461]# sendmail -t -i < message
>>
>> After releasing it, I get this in the logs:
>> [root at gateway005.inf 55E5157282.A9520]# grep 55E5157282.A9520 
>> /var/log/maillog
>> Jun  3 06:57:48 gateway005 MailScanner[15406]: Filetype Checks: No 
>> executables (55E5157282.A9520 msg-15406-4.txt)
>> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved entire message 
>> to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
>> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved infected 
>> "msg-15406-4.txt" to 
>> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
>> Jun  3 06:57:49 gateway005 MailScanner[15406]: Requeue: 
>> 55E5157282.A9520 to 964B157280
>>
>> I go into the 
>> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520 and do this:
>> [root at gateway005.inf 55E5157282.A9520]# pwd
>> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
>> [root at gateway005.inf 55E5157282.A9520]# file -i msg-15406-4.txt
>> msg-15406-4.txt: text/x-mail; charset=utf-8
>>
>> That's the same message.
>> b1beb5fc88372863f249d91a717bb9ee  msg-596-5.txt
>> b1beb5fc88372863f249d91a717bb9ee  msg-15406-4.txt
>>
>> It appears that they are getting caught by the line:
>> deny    executable      No executables          No programs allowed
>>
>> What do I do? I need your help. Thank you.
>
> Tried this?
>
> revert all rules filetypes to default then
>
> use in MailScanner.conf
>
> File Command = /usr/bin/file -i
>
> This works for my Chinese/Japanese/Korean/Russian users

As I said earlier, please don't do this. MIME type checking is already 
built into the filetype.rules.conf file; just read the documentation at 
the top of the file.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

