Mail-scanner not able to block exe in zip
Ryan Braganza
ryan.virgo at gmail.com
Tue Aug 28 04:09:41 IST 2012
Hi Joolee below are the contents of the files
cat archives.filetype.rules.conf
allow text - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting
archives allowed
deny executable No executables No programs allowed
#EXAMPLE: deny - x-dosexec No DOS executables No DOS programs
allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry
files allowed
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cat archives.filename.rules.conf |grep exe
deny pretty\s+park\.exe$ "Pretty Park" virus
"Pretty Park" virus
deny happy99\.exe$ "Happy" virus
"Happy" virus
deny \.exe$ Windows/DOS Executable
Executable DOS/Windows programs are dangerous in email
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This is the ref to those files in MailScanner.conf
cat MailScanner.conf |grep ^Archives: |grep Rules
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
Yes I am zipping the exe files when I send the mail.
On Mon, Aug 27, 2012 at 8:34 PM, Joolee <mailscanner at joolee.nl> wrote:
> What is the contents of your (archive).filename/filetype.rules.conf ? And
> do you reference these files from your Mailscanner.conf?
>
> And do you zip the ryan1.exe file in your example or did you send that as
> a plain, non-zipped attachment?
>
> On 27 August 2012 15:55, Ryan Braganza <ryan.virgo at gmail.com> wrote:
>
>> Dear Users,
>>
>> I have enabled blocking of exe in zip archives by setting the "Maximum
>> Archive Depth = 5"
>>
>> I have a proper exe file wininst-7.1.exe which maybe is some windows
>> setup exe. When i do a file command for this exe i get the below output
>>
>> file wininst-7.1.exe
>> wininst-7.1.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
>>
>> If I zip it and mail it, Mailscanner fails to block it and pass's it
>> through.
>>
>> If a create a file with an exe extension
>>
>> file ryan1.exe
>> ryan1.exe: ASCII text
>>
>> Mailscanner is able to block it .....
>>
>> What could be wrong here ? the version am using is mailscanner-4.84.3-1
>>
>>
>>
>>
>> --
>> *
>> _________________________________________________________________________________
>> *
>> * Someone wrote:
>> "I understand that if you play a Microsoft Windows CD backwards you hear
>> strange Satanic messages"
>>
>> To which someone replied:* *
>> "It's even worse than that; play it forwards and it installs Windows
>> Vista !"
>>
>> _________________________________________________________________________________
>> *
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
--
*
_________________________________________________________________________________
*
* Someone wrote:
"I understand that if you play a Microsoft Windows CD backwards you hear
strange Satanic messages"
To which someone replied:* *
"It's even worse than that; play it forwards and it installs Windows Vista
!"
_________________________________________________________________________________
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120828/1470a295/attachment.html
More information about the MailScanner
mailing list