Script in email

Mark Sapiro mark at msapiro.net
Tue Jun 22 16:25:20 IST 2010 

On 11:59 AM, Kevin Miller wrote:
> I'm having trouble with inbound mail which contains a script.  I
> tried to post it to pastebin but our IPS put the kiebosh on it so I
> through it up on our ftp server in
> ftp://ftp.ci.juneau.ak.us/pub/EmailScript/.
> 
> The file is from /var/spool/MailScanner/quarantine/nonspam/...
> 
> MailScanner 4.78.17 Allow Script Tags is set to disarm
> 
> This only occurs when coming from one person who is external to us.
> Other scripts (if any) seem to be disarmed appropriately.
> 
> Don't know what's different about this one...


I sent your file through my MailScanner 4.80.10 and the script was
disarmed. The result is in the attached mail.zip.

Here are my non-default /etc/MailScanner/conf.d/local settings. I don't
think there's anything that would affect this.

[mark at sbh16 ~]$ grep -Ev "^#|^ *$" /etc/MailScanner/conf.d/local
%org-name% = GPC
%org-long-name% = Grizzly Peak Cyclists
%web-site% = sbh16.songbird.com
%report-dir% = /etc/MailScanner/reports/local
Max Children = 1
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Sendmail = /usr/sbin/sendmail.postfix
Sendmail2 = /usr/sbin/sendmail.postfix
Quarantine Group = ms_access
Quarantine Permissions = 0640
Scan Messages = %rules-dir%/scan.messages.rules
Add Text Of Doc = %rules-dir%/word_to_text.rules
Antiword = /usr/local/bin/antiword
Virus Scanners = clamd
Virus Names Which Are Spam = *UNOFFICIAL
Clamd Socket = /var/run/clamav/clamd.sock
Clamd Lock File = /var/lock/subsys/clamd
Allow Filenames = %rules-dir%/allow.filename.rules
Archives: Allow Filenames = %rules-dir%/allow.filename.rules
Quarantine Silent Viruses = yes
Quarantine Whole Message = yes
Information Header =
Minimum Stars If On Spam List = 1
Always Include SpamAssassin Report = yes
Multiple Headers = add
Place New Headers At Top Of Message = %rules-dir%/headers_on_top.rules
Hostname = the %org-name% MailScanner
Sign Clean Messages = no
Notify Senders = no
Notices To = %rules-dir%/notices_to.rules
Local Postmaster = postmaster at sbh16.songbird.com
Max Spam Check Size = 400k
Max SpamAssassin Size = 200k continue 200k
Required SpamAssassin Score = 5
SpamAssassin Auto Whitelist = no
SpamAssassin Timeout = 330
Spam Actions = %rules-dir%/spam_action.rules
High Scoring Spam Actions = %rules-dir%/high_spam_action.rules
SpamAssassin Rule Actions = %rules-dir%/spamassassin_rule_actions.rules
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Local State Dir = /var/lib/spamassassin
[mark at sbh16 ~]$

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mail.zip
Type: application/zip
Size: 2718 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100622/d5d70f85/mail.zip

More information about the MailScanner mailing list