Mail-scanner not able to block exe in zip

Ryan Braganza ryan.virgo at gmail.com
Thu Aug 30 14:16:12 IST 2012


Oh great, thanks Vincent, it now works for me too ... dangerous content
scanning was set to no in my case as well

Thank you Joolee and Paul for your suggestions too :-)

On Wed, Aug 29, 2012 at 1:57 PM, Vincent Miszczak <vmiszczak at ankama.com> wrote:

> Hello,
>
> I’ve been running with this issue.
>
> In my case, the setting “dangerous content scanning” was set to “no”.
> Setting it to “yes” solved my problem.
>
> Regards
>
> *From:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *On behalf of* Ryan Braganza
> *Sent:* Wednesday, 29 August 2012 07:13
> *To:* MailScanner discussion
> *Subject:* Re: Mail-scanner not able to block exe in zip
>
>
> I did a fresh centos5.5 installation with the latest Mailscanner and it's
> working perfectly. It blocks all zipped exe's as desired. I guess there is
> some custom configuration on my production servers due to which it fails to
> work. Will check that out today.
>
> :-)
>
> On Tue, Aug 28, 2012 at 7:25 PM, Ryan Braganza <ryan.virgo at gmail.com> wrote:
>
> The File Command in my conf was /usr/bin/file , which I then set to
> /usr/bin/file -i .. Still no luck,
>
> On Tue, Aug 28, 2012 at 4:14 PM, Joolee <mailscanner at joolee.nl> wrote:
>
> As far as I know, this setting only applies to anti-spam features and
> perhaps virus scans. The other protection functions should ignore this
> setting. It would be pretty useless to only block executables lower than a
> certain file size and there is no mention in the rules files. (Although
> most virus executables are extremely small so they can be sent in large
> volumes.)
>
> @Ryan:
> What is your value of the "File Command" setting? There was a discussion a
> while ago that this should be set to /path/to/file -i and was set to
> /path/to/file in older versions of MailScanner.
>
> On 28 August 2012 09:55, Paul Bijnens <Paul.Bijnens at xplanation.com> wrote:
>
> Is the setting  "Max Spam Check Size" maybe excluding your large
> exe-inside-zip to be slipping through the fishing net?
>
> On 2012-08-28 05:09, Ryan Braganza wrote:
> > Hi Joolee below are the contents of the files
> >
> > cat archives.filetype.rules.conf
> >
> > allow    text        -            -
> > allow    \bscript    -            -
> > allow    archive        -            -
> > allow    postscript    -            -
> > deny    self-extract    No self-extracting archives    No self-extracting archives allowed
> > deny    executable    No executables        No programs allowed
> > #EXAMPLE: deny    -    x-dosexec    No DOS executables    No DOS programs allowed
> > deny    ELF        No executables        No programs allowed
> > deny    Registry    No Windows Registry entries    No Windows Registry files allowed
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > cat archives.filename.rules.conf |grep exe
> >
> > deny    pretty\s+park\.exe$ "Pretty Park" virus "Pretty Park" virus
> > deny    happy99\.exe$ "Happy" virus "Happy" virus
> > deny    \.exe$        Windows/DOS Executable    Executable DOS/Windows programs are dangerous in email
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > This is the ref to those files in MailScanner.conf
> >
> > cat MailScanner.conf |grep ^Archives: |grep Rules
> >
> > Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
> > Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
> >
> > Yes I am zipping the exe files when I send the mail.
> >
>
> > On Mon, Aug 27, 2012 at 8:34 PM, Joolee <mailscanner at joolee.nl> wrote:
> >
> >     What is the contents of your (archive).filename/filetype.rules.conf? And do you reference these files from your
> >     Mailscanner.conf?
> >
> >     And do you zip the ryan1.exe file in your example or did you send that as a plain, non-zipped attachment?
> >
> >     On 27 August 2012 15:55, Ryan Braganza <ryan.virgo at gmail.com> wrote:
> >
> >         Dear Users,
> >
> >         I have enabled blocking of exe in zip archives by setting the "Maximum Archive Depth = 5"
> >
> >         I have a proper exe file wininst-7.1.exe which maybe is some windows setup exe. When I do a file command for
> >         this exe I get the below output
> >
> >         file wininst-7.1.exe
> >         wininst-7.1.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
> >
> >         If I zip it and mail it, Mailscanner fails to block it and passes it through.
> >
> >         If I create a file with an exe extension
> >
> >         file ryan1.exe
> >         ryan1.exe: ASCII text
> >
> >         Mailscanner is able to block it .....
> >
> >         What could be wrong here? The version I am using is mailscanner-4.84.3-1
> >
> >         --
> >         _________________________________________________________________________________
> >         Someone wrote:
> >         "I understand that if you play a Microsoft Windows CD backwards you hear strange Satanic messages"
> >
> >         To which someone replied:
> >         "It's even worse than that; play it forwards and it installs Windows Vista !"
> >         _________________________________________________________________________________
> >
> >         --
> >         MailScanner mailing list
> >         mailscanner at lists.mailscanner.info
> >         http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> >         Before posting, read http://wiki.mailscanner.info/posting
> >
> >         Support MailScanner development - buy the book off the website!
> >
> --
> Paul Bijnens, Xplanation                            Tel  +32 16 397.525
> Interleuvenlaan 86, B-3001 Leuven, BELGIUM          Fax  +32 16 397.552
> ***********************************************************************
> * I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
> * quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, ~., *
> * stop, end, ^]c, +++ ATH, disconnect,  halt,  abort,  hangup,  KJOB, *
> * ^X^X,  :D::D,  kill -9 1,  kill -1 $$,  shutdown,  init 0,  Alt-F4, *
> * Alt-f-e, Ctrl-Alt-Del, Alt-SysRq-reisub, Stop-A, AltGr-NumLock, ... *
> * ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
> ***********************************************************************
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.


-- 
_________________________________________________________________________________
Someone wrote:
"I understand that if you play a Microsoft Windows CD backwards you hear
strange Satanic messages"

To which someone replied:
"It's even worse than that; play it forwards and it installs Windows Vista !"
_________________________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120830/40c9b6c4/attachment.html 
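
The fix reported in this thread, as an added check script (not part of the original messages and not MailScanner's own tooling): it reads a MailScanner.conf and flags the settings discussed above that leave zipped executables unblocked. The function names, the constructed sample file and the treatment of a depth of 0 as "archives not unpacked" are assumptions of this example.

```shell
# Added example: audit the MailScanner.conf settings named in this thread.
# ms_setting FILE NAME: print the value of "NAME = value" (comment lines skipped).
ms_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { pos = index($0, "="); if (pos == 0) next
          name = substr($0, 1, pos - 1); val = substr($0, pos + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (tolower(name) == tolower(key)) found = val }
        END { print found }' "$1"
}

# audit_archive_blocking FILE: one line per finding; exit status = number of findings.
audit_archive_blocking() {
    findings=0
    dcs=$(ms_setting "$1" "Dangerous Content Scanning" | tr 'A-Z' 'a-z')
    if [ "$dcs" != "yes" ]; then
        echo "Dangerous Content Scanning = '$dcs' (the thread's fix: set it to yes)"
        findings=$((findings + 1))
    fi
    depth=$(ms_setting "$1" "Maximum Archive Depth")
    case "$depth" in
        ''|*[!0-9]*|0)   # assumption: 0 or a missing value means archives are not unpacked
            echo "Maximum Archive Depth = '$depth' (expected a positive number)"
            findings=$((findings + 1)) ;;
    esac
    for key in "Archives: Filename Rules" "Archives: Filetype Rules"; do
        if [ -z "$(ms_setting "$1" "$key")" ]; then
            echo "$key is not set"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# write_sample_conf FILE yes|no: constructed sample, not a full MailScanner.conf.
write_sample_conf() {
    cat > "$1" <<EOF
Maximum Archive Depth = 5
Dangerous Content Scanning = $2
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
EOF
}

conf=$(mktemp)
write_sample_conf "$conf" no      # the failing configuration described in the thread
audit_archive_blocking "$conf" || echo "findings: $?"
rm -f "$conf"
```

On a real server, point `audit_archive_blocking` at the live MailScanner.conf; a value that is a ruleset path rather than a literal yes is reported as a finding and needs a manual look.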

