How to allow double extension file?
Martin Hepworth
maxsec at gmail.com
Mon Jul 16 19:03:43 IST 2012
Put the rules at the top so they get hit first.
Dont forget to restart mailscanner afterwards
Martin
On Monday, 16 July 2012, Chris Stone wrote:
>
> On Mon, Jul 16, 2012 at 10:32 AM, J Gao <jgao at veecall.com<javascript:_e({}, 'cvml', 'jgao at veecall.com');>
> > wrote:
>
>> Hello,
>>
>> I added two lines on the bottom of the filename.rules.conf:
>> allow \.shp\.xml$ - -
>> allow \.kmz\.kml$ - -
>>
>> But the MailScanner still detect them as "Bad Filename" and drop them
>> into quarantine:
>>
>> MessageID: 5482680A2.A554E
>> Quarantine: /var/spool/MailScanner/quarantine/20120713/5482680A2.A554E
>> Report: MailScanner: Attempt to hide real filename extension
>> (aral.shp.xml)
>>
>
> Trying making sure to add it above the line:
>
> # Deny all other double file extensions. This catches any hidden filenames.
> allow \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename
> hiding Attempt to possibly hide real filename
> extension
>
>
> Chris
>
--
--
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120716/090a8882/attachment.html
More information about the MailScanner
mailing list