Filetype Checks: No executables on Japanese Emails

Peter Ong peter.ong at hypermediasystems.com
Thu Jun 3 17:48:30 IST 2010


Jules,

I could really use your advice on this. Did you read my troubleshooting steps? It only appears lengthy. I did what you recommended and the results are in my post.

p

----- Original Message -----

> From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Thursday, June 3, 2010 9:12:43 AM
> Subject: Re: Filetype Checks: No executables on Japanese Emails
> 
> On 03/06/2010 15:18, Alex Broens wrote:
> > On 2010-06-03 16:08, Peter Ong wrote:
> >> Here's what I did... (these are tab separated, btw)
> >>
> >> allow   -       text    -       -
> >> allow   -       text/x-mail     -       -
> >> allow   -       text/plain      -       -
> >> allow   -       message/rfc822  -       -
> >>
> >> Here's what the configuration shows:
> >> [root at gateway005.inf MailScanner]# grep bin\/file MailScanner.conf
> >> File Command = /usr/bin/file
> >>
> >> Furthermore,
> >>
> >> [root at gateway005.inf ~]# service MailScanner reload
> >> Reloading MailScanner workers:
> >>          MailScanner:                                      [  OK  ]
> >>     Outgoing postfix:                                      [  OK  ]
> >>
> >> But just to get really serious,
> >>
> >> [root at gateway005.inf ~]# service MailScanner restart
> >> Shutting down MailScanner daemons:
> >>          MailScanner:                                      [  OK  ]
> >>          incoming postfix:                                 [  OK  ]
> >>          outgoing postfix:                                 [  OK  ]
> >> Waiting for MailScanner to die gracefully ....5....0....5....0 dead.
> >> Starting MailScanner daemons:
> >>          incoming postfix:                                 [  OK  ]
> >>          outgoing postfix:                                 [  OK  ]
> >>          MailScanner:
> >>
> >>                                                            [  OK  ]
> >>
> >> Let me show you the message I'm about to release:
> >> [root at gateway005.inf 490DC57284.A9461]# file -i msg-596-5.txt
> >> msg-596-5.txt: text/x-mail; charset=utf-8
> >>
> >> So now I'm releasing it:
> >> [root at gateway005.inf 490DC57284.A9461]# sendmail -t -i < message
> >>
> >> After releasing it, I get this in the logs:
> >> [root at gateway005.inf 55E5157282.A9520]# grep 55E5157282.A9520 /var/log/maillog
> >> Jun  3 06:57:48 gateway005 MailScanner[15406]: Filetype Checks: No executables (55E5157282.A9520 msg-15406-4.txt)
> >> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved entire message to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> >> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved infected "msg-15406-4.txt" to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> >> Jun  3 06:57:49 gateway005 MailScanner[15406]: Requeue: 55E5157282.A9520 to 964B157280
> >>
> >> I go into the /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520 and do this:
> >> [root at gateway005.inf 55E5157282.A9520]# pwd
> >> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> >> [root at gateway005.inf 55E5157282.A9520]# file -i msg-15406-4.txt
> >> msg-15406-4.txt: text/x-mail; charset=utf-8
> >>
> >> That's the same message.
> >> b1beb5fc88372863f249d91a717bb9ee  msg-596-5.txt
> >> b1beb5fc88372863f249d91a717bb9ee  msg-15406-4.txt
> >>
> >> It appears that they are getting caught by the line:
> >> deny    executable      No executables          No programs allowed
> >>
> >> What do I do? I need your help. Thank you.
> >
> > Tried this?
> >
> > revert all rules filetypes to default then
> >
> > use in MailScanner.conf
> >
> > File Command = /usr/bin/file -i
> >
> > This works for my Chinese/Japanese/Korean/Russian users
> As I said earlier, please don't do this, MIME type checking is already
> built into the filetype.rules.conf file, just read the documentation at
> the top of the file.
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info

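An offline way to see which rule decides for a given pair of `file` and `file -i` outputs, using the tab-separated rule layout quoted in the thread; this is an added example, not part of the original posts and not MailScanner's own code. It assumes rules are tried top to bottom with the first match deciding, that `-` means a column is not checked, and that an unmatched part is allowed; `parse_rules`, `first_match` and the plain `file` description are constructed for illustration.

```python
import re

# Constructed rule set in the tab-separated layout quoted in the thread:
# one of the 5-field MIME allow rules, then the 4-field deny rule.
RULES_TEXT = (
    "allow\t-\ttext/x-mail\t-\t-\n"
    "deny\texecutable\tNo executables\tNo programs allowed\n"
)
MIME = "text/x-mail; charset=utf-8"   # `file -i` output shown in the thread
DESC = "DOS executable (COM)"         # constructed plain `file` output, hypothetical

def parse_rules(text):
    """Parse rule lines into (action, file_regex, mime_regex, log_text)."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        f = re.split(r"\t+", line.strip())
        if len(f) == 4:    # action, file regex, log text, user text
            rules.append((f[0], f[1], "-", f[2]))
        elif len(f) == 5:  # action, file regex, MIME regex, log text, user text
            rules.append((f[0], f[1], f[2], f[3]))
        else:              # e.g. fields separated by spaces instead of tabs
            raise ValueError(f"expected 4 or 5 tab-separated fields: {line!r}")
    return rules

def first_match(rules, file_desc, mime_type):
    """Assumed semantics: top-to-bottom, first matching rule decides."""
    for action, file_re, mime_re, log_text in rules:
        checks = [(file_re, file_desc), (mime_re, mime_type)]
        active = [(p, s) for p, s in checks if p != "-"]
        if active and all(re.search(p, s) for p, s in active):
            return action, log_text
    return "allow", "-"    # assumption: an unmatched part is let through

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    print(first_match(rules, DESC, MIME))        # allow rule listed first
    print(first_match(rules[::-1], DESC, MIME))  # deny rule listed first
```

Feeding it the real output of both `file` and `file -i` for a quarantined part shows whether the description column or the MIME column is the one hitting a deny rule.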
