Mail-scanner not able to block exe in zip

Ryan Braganza ryan.virgo at gmail.com
Tue Aug 28 04:09:41 IST 2012


Hi Joolee below are the contents of the files

cat archives.filetype.rules.conf

allow    text        -            -
allow    \bscript    -            -
allow    archive        -            -
allow    postscript    -            -
deny    self-extract    No self-extracting archives    No self-extracting
archives allowed
deny    executable    No executables        No programs allowed
#EXAMPLE: deny    -    x-dosexec    No DOS executables    No DOS programs
allowed
deny    ELF        No executables        No programs allowed
deny    Registry    No Windows Registry entries    No Windows Registry
files allowed
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cat archives.filename.rules.conf |grep exe

deny    pretty\s+park\.exe$    "Pretty Park" virus
        "Pretty Park" virus
deny    happy99\.exe$        "Happy" virus
    "Happy" virus
deny    \.exe$        Windows/DOS Executable
Executable DOS/Windows programs are dangerous in email
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This is the ref to those files in MailScanner.conf

cat MailScanner.conf |grep ^Archives: |grep Rules

Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf

Yes I am zipping the exe files when I send the mail.


On Mon, Aug 27, 2012 at 8:34 PM, Joolee <mailscanner at joolee.nl> wrote:

> What is the contents of your (archive).filename/filetype.rules.conf ? And
> do you reference these files from your Mailscanner.conf?
>
> And do you zip the ryan1.exe file in your example or did you send that as
> a plain, non-zipped attachment?
>
> On 27 August 2012 15:55, Ryan Braganza <ryan.virgo at gmail.com> wrote:
>
>> Dear Users,
>>
>> I have enabled blocking of exe in zip archives by setting the "Maximum
>> Archive Depth = 5"
>>
>> I have a proper exe file wininst-7.1.exe which maybe is some windows
>> setup exe. When i do a file command for this exe i get the below output
>>
>> file wininst-7.1.exe
>> wininst-7.1.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
>>
>> If I zip it and mail it, Mailscanner fails to block it and pass's it
>> through.
>>
>> If a create a file with an exe extension
>>
>> file ryan1.exe
>> ryan1.exe: ASCII text
>>
>> Mailscanner is able to block it .....
>>
>> What could be wrong here ? the version am using is mailscanner-4.84.3-1
>>
>>
>>
>>
>> --
>> *
>> _________________________________________________________________________________
>> *
>> * Someone wrote:
>> "I understand that if you play a Microsoft Windows CD backwards you hear
>> strange Satanic messages"
>>
>> To which someone replied:* *
>> "It's even worse than that; play it forwards and it installs Windows
>> Vista !"
>>
>> _________________________________________________________________________________
>> *
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 
*
_________________________________________________________________________________
*
* Someone wrote:
"I understand that if you play a Microsoft Windows CD backwards you hear
strange Satanic messages"

To which someone replied:* *
"It's even worse than that; play it forwards and it installs Windows Vista
!"
_________________________________________________________________________________
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120828/1470a295/attachment.html 


More information about the MailScanner mailing list