How to allow double extension file?

J Gao jgao at veecall.com
Mon Jul 16 20:22:21 IST 2012


On 12-07-16 11:03 AM, Martin Hepworth wrote:
> Put the rules at the top so they get hit first.
>
> Don't forget to restart MailScanner afterwards
>
> Martin
>
> On Monday, 16 July 2012, Chris Stone wrote:
>
>
>     On Mon, Jul 16, 2012 at 10:32 AM, J Gao <jgao at veecall.com> wrote:
>
>         Hello,
>
>         I added two lines on the bottom of the filename.rules.conf:
>         allow   \.shp\.xml$                     -       -
>         allow   \.kmz\.kml$                     -       -
>
>         But the MailScanner still detects them as "Bad Filename" and drops
>         them into quarantine:
>
>         MessageID:  5482680A2.A554E
>         Quarantine: /var/spool/MailScanner/quarantine/20120713/5482680A2.A554E
>         Report:     MailScanner: Attempt to hide real filename extension (aral.shp.xml)
>
>
>     Try making sure to add it above the line:
>
>     # Deny all other double file extensions. This catches any hidden filenames.
>     allow   \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible filename hiding   Attempt to possibly hide real filename extension
>
>
>     Chris
>
>
>
> --
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>

I replied but my mail doesn't show. ??? I include a URL for the
test.zip file in dropbox, so it's been filtered out?



[UPDATE]

I just tried to put the rule on the very beginning of the conf file:

test result:
1. zip file still gets blocked!
2. BUT if I attach the .shp.xml file without zipping it, it passed!

So there is something going on with the unzip/scan ?

Gao
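
Added example, not part of the original thread and not MailScanner's own code: a small first-match evaluator for filename.rules.conf-style lines, showing why the two allow rules only take effect when they sit above the double-extension catch-all. It assumes the first matching rule wins (as the replies above imply), case-insensitive matching, and that the catch-all acts as a deny, as its comment describes; the rule lines and filenames are constructed.

```python
import re

# Constructed rule lines modelled on those quoted in the thread.
# Fields: action, regex, log text, user report text.
ALLOWS = [
    r"allow   \.shp\.xml$   -   -",
    r"allow   \.kmz\.kml$   -   -",
]
CATCH_ALL = [
    "# Deny all other double file extensions.",
    r"deny    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   "
    "Found possible filename hiding   Attempt to hide real filename extension",
]


def parse_rules(lines):
    """Turn rule lines into (action, compiled regex, report text) tuples."""
    rules = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        action, pattern, rest = line.split(None, 2)
        # Log text and report text are separated by a tab or 2+ spaces.
        _log_text, report = re.split(r"\t+|\s{2,}", rest, maxsplit=1)
        rules.append((action.lower(), re.compile(pattern, re.IGNORECASE), report))
    return rules


def check(filename, rules):
    """Return (action, report) of the first rule whose regex matches."""
    for action, regex, report in rules:
        if regex.search(filename):
            return action, report
    # Assumption: a name matching no rule is not blocked by this file.
    return "allow", "-"


if __name__ == "__main__":
    bottom = parse_rules(CATCH_ALL + ALLOWS)  # allow rules appended at the end
    top = parse_rules(ALLOWS + CATCH_ALL)     # allow rules placed first
    for name in ("aral.shp.xml", "map.kmz.kml", "invoice.pdf.exe", "report.pdf"):
        print(f"{name:18} bottom={check(name, bottom)[0]:5} top={check(name, top)[0]}")
```

Running it on a copy of the real rules file before restarting MailScanner shows which line a given attachment name hits first.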



