Russian KOI8-R from GMail users blocked
Remco Barendse
mailscanner at barendse.to
Thu Jun 14 08:41:22 IST 2012
I have the same problem although my messages in Russian language that i
sent from Outlook XP get blocked :(
I am running the latest MailScanner.
I think mailscanner will run without that default ruleset that checks for
executables but that would leave a huge security hole open, not an option
(at least for me).
On Mon, 11 Jun 2012, Joolee wrote:
> file -i correctly returns text/plain. The charset isn't correct but that's no problem.
>
> The entry in my mailscanner.conf was simply:
> # Where the "file" command is installed.
> # This is used for checking the content type of files, regardless of their
> # filename.
> # To disable Filetype checking, set this value to blank.
> File Command = /usr/bin/file
>
>
> I changed this to /usr/bin/file -i to try if it works.
>
> Can Mailscanner use this output with default rulesets?
> allow text - -
> allow \bscript - -
> allow archive - -
> allow postscript - -
> deny self-extract No self-extracting archives No self-extracting archives allowed
> deny executable No executables No programs allowed 1
> #EXAMPLE: deny - x-dosexec No DOS executables No DOS programs allowed
> #deny ELF No executables No programs allowed
> deny Registry No Windows Registry entries No Windows Registry files allowed
>
> #deny MPEG No MPEG movies No MPEG movies allowed
> #deny AVI No AVI movies No AVI movies allowed
> #deny MNG No MNG/PNG movies No MNG movies allowed
> #deny QuickTime No QuickTime movies No QuickTime movies allowed
> #deny ASF No Windows media No Windows media files allowed
> #deny metafont No Windows Metafont drawings No WMF drawings allowed
>
>
> I can't find a translation table anywhere so I think Mailscanner compares these entry's directly with 'file' command's output.
>
>
>
> On 8 June 2012 13:16, Martin Hepworth <maxsec at gmail.com> wrote:
> What version of mailScanner are you using?
>
> this sounds like an issue that was fixed along time ago by using "file -i" rather the "file" to get the mime type.
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 8 June 2012 09:41, Joolee <mailscanner at joolee.nl> wrote:
> I found out that it's just the file command and especially my magic file that identifies the E-mails as executable.
>
> root at giselle:/usr/share/file# /usr/bin/file /var/spool/MailScanner/quarantine/20120608/BF8292586.AA876/msg-14738-61.txt
> /var/spool/MailScanner/quarantine/20120608/BF8292586.AA876/msg-14738-61.txt: DOS executable (COM)
>
> My file version is 5.04 (newest in Ubuntu repo but there are newer ones in ftp.astron.com) but I can't find out where I can get
> the newest magic.mgc file. The files on the ftp server have to be compiled first.
>
> On 8 June 2012 10:01, Andrew Colin Kissa <andrew at topdog.za.net> wrote:
>
> On 08 Jun 2012, at 9:20 AM, Joolee wrote:
>
> > The E-mails itself are valid E-mails from Russian GMail users that are encoded with the KOI8-R encoding.. I can
> send a sample off list if anyone is interested.
>
> Send me the sample i will investigate.
>
> - Andrew
>
> --
> www.baruwa.org
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
>
More information about the MailScanner
mailing list