MailScanner 4.84.3-1 can't deny any file.

Wed Nov 2 04:09:29 GMT 2011

I would try loading a default MailScanner.conf file and only editing the necessary parts. Then see what happens.
--
Jeremy McSpadden
Flux Labs, Inc
http://www.fluxlabs.net<http://www.fluxlabs.net/>
Endless Solutions
Office : 850-588-4626
Cell : 850-890-2543
Fax : 850-254-2955

On Nov 1, 2011, at 10:50 PM, 吳汝剛 wrote:

Yes,
It's also default setup.

#
# Set where to find the attachment filename ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their name, regardless of
# whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
Filename Rules = %etc-dir%/filename.rules.conf

I haven't change any setup.

2011/11/2 Jeremy McSpadden <jeremy at fluxlabs.net<mailto:jeremy at fluxlabs.net>>
Filename Rules = %etc-dir%/filename.rules.conf

--
Jeremy McSpadden
Flux Labs, Inc
http://www.fluxlabs.net<http://www.fluxlabs.net/>
Endless Solutions
Office : 850-588-4626
Cell : 850-890-2543
Fax : 850-254-2955

On Nov 1, 2011, at 10:22 PM, 吳汝剛 wrote:

It's my filename.rules.conf
deny    \.cur$                  Windows cursor file security vulnerability                                      Possible buffer overflow in Windows
deny    \.reg$          Possible Windows registry attack                                                Windows registry entries are very dangerous in email
It's default settings.
I haven't change any setup.

2011/11/2 Jeremy McSpadden <jeremy at fluxlabs.net<mailto:jeremy at fluxlabs.net>>
deny \.reg$   Windows registry attack
deny \.cur$ Cursor File

in filename.rules.conf
--
Jeremy McSpadden
Flux Labs, Inc
http://www.fluxlabs.net<http://www.fluxlabs.net/>
Endless Solutions
Office : 850-588-4626
Cell : 850-890-2543
Fax : 850-254-2955

On Nov 1, 2011, at 10:04 PM, 吳汝剛 wrote:

It's my setup.
# Do you want to scan the messages for potentially dangerous content?
# Setting this to "no" will disable all the content-based checks except
# Virus Scanning, Allow Partial Messages and Allow External Message Bodies.
# This can also be the filename of a ruleset.
Dangerous Content Scanning = yes

I have set it to yes

2011/11/2 Jeremy McSpadden <jeremy at fluxlabs.net<mailto:jeremy at fluxlabs.net>>
Can you verify Dangerous Content Scanning is set to yes ?

--
Jeremy McSpadden
Flux Labs, Inc
http://www.fluxlabs.net<http://www.fluxlabs.net/>
Endless Solutions
Office : 850-588-4626
Cell : 850-890-2543
Fax : 850-254-2955

On Nov 1, 2011, at 9:43 PM, 吳汝剛 wrote:

Hello,
I test MailScanner 4.84.3-1 on Fedora 13 and Fedora 14.
It's can't deny any attachment at filetname.rules.conf list.
Example:
The default set deny .cur and .reg attachment.
But when I send mail with .cur or .reg attachment.
It's always can received this mail.
And I check maillog.
It's no show any error message.
Please check it.
I list fedora 13 and 14 some information.

[root at tw14 MailScanner]# MailScanner -v
Running on
Linux tw14.linguitronics.com<http://tw14.linguitronics.com/> 2.6.35.13-91.fc14.i686 #1 SMP Tue May 3 13:36:36 UTC 2011 i686 i686 i386 GNU/Linux
This is Fedora release 14 (Laughlin)
This is Perl version 5.012003 (5.12.3)

This is MailScanner version 4.84.3

[root at tw ~]# MailScanner -v
Running on
Linux tw.linguitronics.com<http://tw.linguitronics.com/> 2.6.34.9-69.fc13.i686 #1 SMP Tue May 3 09:20:30 UTC 2011 i686 i686 i386 GNU/Linux
This is Fedora release 13 (Goddard)
This is Perl version 5.010001 (5.10.1)

This is MailScanner version 4.84.3

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting