How to allow double extension file?

J Gao jgao at veecall.com
Mon Jul 16 20:13:51 IST 2012


On 12-07-16 09:32 AM, J Gao wrote:
> Hello,
>
> We have a client send us email with zipped attachment. It contain files
> like:
> file1.shp.xml
> file2.kmz.kml
>
> I added two lines on the bottom of the filename.rules.conf:
> allow   \.shp\.xml$                     -       -
> allow   \.kmz\.kml$                     -       -
>
> But the MailScanner still detect them as "Bad Filename" and drop them
> into quarantine:
>
>    MessageID: 5482680A2.A554E
> Quarantine: /var/spool/MailScanner/quarantine/20120713/5482680A2.A554E
>       Report: MailScanner: Attempt to hide real filename extension (aral.shp.xml)
>
>
>
> How can I let MailScanner know these are safe file name and let them
> pass through?
>
> Thanks
>
> Gao
>

Well, I tried all you guys suggestion and I still get trouble when I 
test the rule. I restarted MailScanner every time after modify the file.

Here I put a tiny test file online. This zip file contain a single 
.shp.xml file. (This is generated by some program in Windows). Anyway 
you can see that just a flat XML file but just with a double extension 
file name:
http://dl.dropbox.com/u/3442771/test.zip

BTW, even I enable (although I don't like the idea):

# Deny all other double file extensions. This catches any hidden filenames.
allow    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible filename 
hiding

It's still block my test.zip file!

Could someone can test is with my test.zip file above and let me know 
the solution?

Thanks a lot.

Gao



[UPDATE]

I just tried to put the rule on the very beginning of the conf file:

test result:
1. zip file still get blocked!
2. BUT if I attach the .shp.xml file without zip it, it passed!

So there is something going on with the unzip/scan ?

Gao




-- 



More information about the MailScanner mailing list