Russian KOI8-R from GMail users blocked

Joolee mailscanner at joolee.nl
Thu Jun 14 11:15:36 IST 2012


Can you try editing the "File Command" option?

On 14 June 2012 09:41, Remco Barendse <mailscanner at barendse.to> wrote:

> I have the same problem although my messages in Russian language that I
> sent from Outlook XP get blocked :(
>
> I am running the latest MailScanner.
>
> I think mailscanner will run without that default ruleset that checks for
> executables but that would leave a huge security hole open, not an option
> (at least for me).
>
>
>
> On Mon, 11 Jun 2012, Joolee wrote:
>
>> file -i correctly returns text/plain. The charset isn't correct but
>> that's no problem.
>>
>> The entry in my mailscanner.conf was simply:
>>      # Where the "file" command is installed.
>>      # This is used for checking the content type of files, regardless of their
>>      # filename.
>>      # To disable Filetype checking, set this value to blank.
>>      File Command = /usr/bin/file
>>
>>
>> I changed this to /usr/bin/file -i to try if it works.
>>
>> Can Mailscanner use this output with default rulesets?
>>      allow   text        -           -
>>      allow   \bscript    -           -
>>      allow   archive     -           -
>>      allow   postscript  -           -
>>      deny    self-extract    No self-extracting archives    No self-extracting archives allowed
>>      deny    executable  No executables      No programs allowed 1
>>      #EXAMPLE: deny  -   x-dosexec   No DOS executables  No DOS programs allowed
>>      #deny   ELF     No executables      No programs allowed
>>      deny    Registry    No Windows Registry entries    No Windows Registry files allowed
>>
>>      #deny   MPEG        No MPEG movies      No MPEG movies allowed
>>      #deny   AVI     No AVI movies       No AVI movies allowed
>>      #deny   MNG     No MNG/PNG movies   No MNG movies allowed
>>      #deny   QuickTime   No QuickTime movies No QuickTime movies allowed
>>      #deny   ASF     No Windows media    No Windows media files allowed
>>      #deny   metafont    No Windows Metafont drawings    No WMF drawings allowed
>>
>>
>> I can't find a translation table anywhere so I think Mailscanner compares
>> these entries directly with 'file' command's output.
>>
>>
>>
>> On 8 June 2012 13:16, Martin Hepworth <maxsec at gmail.com> wrote:
>>      What version of MailScanner are you using?
>>
>>      This sounds like an issue that was fixed a long time ago by using
>>      "file -i" rather than "file" to get the mime type.
>>
>>      --
>>      Martin Hepworth, CISSP
>>      Oxford, UK
>>
>>
>>      On 8 June 2012 09:41, Joolee <mailscanner at joolee.nl> wrote:
>>            I found out that it's just the file command and especially my
>>            magic file that identifies the E-mails as executable.
>>
>>            root at giselle:/usr/share/file# /usr/bin/file /var/spool/MailScanner/quarantine/20120608/BF8292586.AA876/msg-14738-61.txt
>>            /var/spool/MailScanner/quarantine/20120608/BF8292586.AA876/msg-14738-61.txt: DOS executable (COM)
>>
>>            My file version is 5.04 (newest in Ubuntu repo but there are
>>            newer ones in ftp.astron.com) but I can't find out where I can get
>>            the newest magic.mgc file. The files on the ftp server have to
>>            be compiled first.
>>
>>            On 8 June 2012 10:01, Andrew Colin Kissa <andrew at topdog.za.net> wrote:
>>
>>                  On 08 Jun 2012, at 9:20 AM, Joolee wrote:
>>
>>                  > The E-mails themselves are valid E-mails from Russian
>>                  > GMail users that are encoded with the KOI8-R encoding. I can
>>                  > send a sample off list if anyone is interested.
>>
>> Send me the sample, I will investigate.
>>
>> - Andrew
>>
>> --
>> www.baruwa.org
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
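
Added example, not part of the original thread and not MailScanner's own code: a simplified model of first-match filetype rules, showing what the rules quoted above decide when the File Command prints descriptions versus `file -i` MIME strings. The matching semantics (case-insensitive regex search, default allow when nothing matches), the two MIME sample strings and the names `decide`, `PAGE_RULES` and `MIME_AWARE_RULES` are assumptions.

```python
import re

# Active rules quoted in the thread, as (action, regex); first match wins.
PAGE_RULES = [
    ("allow", r"text"),
    ("allow", r"\bscript"),
    ("allow", r"archive"),
    ("allow", r"postscript"),
    ("deny", r"self-extract"),
    ("deny", r"executable"),
    ("deny", r"Registry"),
]

# Same rules plus the pattern from the thread's commented "#EXAMPLE" line,
# so a MIME-style executable type is denied before any allow rule is tried.
MIME_AWARE_RULES = [("deny", r"x-dosexec")] + PAGE_RULES

def decide(file_output, rules, default="allow"):
    """Return (action, matching_regex) for one line of file-command output.

    Model assumptions: case-insensitive search, first match wins, and an
    output that matches no rule falls through to `default`.
    """
    for action, pattern in rules:
        if re.search(pattern, file_output, re.IGNORECASE):
            return action, pattern
    return default, None

# First string is the description quoted in the thread; the two MIME
# strings are constructed samples of `file -i` style output.
DESC_KOI8_MAIL = "DOS executable (COM)"
MIME_KOI8_MAIL = "text/plain; charset=unknown-8bit"
MIME_REAL_EXE = "application/x-dosexec; charset=binary"

if __name__ == "__main__":
    cases = [
        ("file,    KOI8-R mail, page rules", DESC_KOI8_MAIL, PAGE_RULES),
        ("file -i, KOI8-R mail, page rules", MIME_KOI8_MAIL, PAGE_RULES),
        ("file -i, real .exe,   page rules", MIME_REAL_EXE, PAGE_RULES),
        ("file -i, real .exe,   MIME-aware", MIME_REAL_EXE, MIME_AWARE_RULES),
    ]
    for label, output, rules in cases:
        print(f"{label}: {decide(output, rules)}")
```

In this model the `file -i` switch unblocks the KOI8-R mail, but the description-based `deny executable` rule no longer matches a real executable's MIME string, so the ruleset needs MIME-style deny patterns before the change is safe.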