winmail.dat problem in version 4.84.5

David Lee dlee.aus at gmail.com
Thu Feb 7 22:52:50 GMT 2013 

Hi,

I've had a look at this problem a little while ago and found an issue with
the creation of the
temporary directory into which the TNEF file is unpacked
(https://github.com/MailScanner/MailScanner/issues/7).

I've 'hacked' at temporary solution which seems to have fixed these
problems.
I made the following changes to the
'/usr/lib/MailScanner/mailScanner/TNEF.pm' file:

232,233c232,239
<   my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK
=> 0);
<   $dir =~ s,^.*/,,;
---
>   #my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir,
UNLINK => 0);
>   #$dir =~ s,^.*/,,;
>
>   my @a = map { chr } (48..57, 65..90, 97..122); # printable ASCII chars
>   my $ranstring;
>   $ranstring .= $a[rand(@a)] for 1..6;
>   my $unpackdir = "tnef" . $ranstring;

I've also changed the permissions applied to the unpack directory. Ideally
these
should be changed to the appropriate values as specified in the MailScanner
config file.

240c246,247
<   chmod 0700, "$dir/$unpackdir";
---
>   chmod 0750, "$dir/$unpackdir";
>   chown $owner, $group, "$dir/$unpackdir";

Note that I do not have a very good working knowledge of the MailScanner
code, so these
code changes may be not the best way to fix the problems.

Regards
David

On Thu, Feb 7, 2013 at 6:32 PM, Berndt, Achim <aberndt at studio-hamburg.de>wrote:

>  Hello,****
>
> ** **
>
> it might be a 1 year old bug in the TNEF decoder from previous version of
> MailScanner.****
>
> Is there a new fix for the MailScanner Version 4.84.5-3, or can I use the
> old one?****
>
> Can I download the TNEF.pm file from anywhere, or should I change the
> lines inside myself?****
>
> If so, which lines I need to  change?****
>
> ** **
>
> Regards****
>
> Achim****
>
> ** **
>
> ** **
>
> *Von:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *Im Auftrag von *Alex Neuman
> *Gesendet:* Mittwoch, 6. Februar 2013 17:08
> *An:* MailScanner discussion
> *Betreff:* Re: winmail.dat problem in version 4.84.5****
>
> ** **
>
> ** **
>
> On Wed, Feb 6, 2013 at 2:29 AM, Berndt, Achim <aberndt at studio-hamburg.de>
> wrote:****
>
> Hi Alex,****
>
>  ****
>
> thanks for your answer. ****
>
> You're welcome! ****
>
>  Splitting of the mails is not the problem, because there are the same
> failures with single-recipient mails also.****
>
>  You mentioned it. ****
>
>  MailScanner can’t create a sub-directory sometimes, but I don’t know
> why?!****
>
>  When a program "can't create" subdirectories or folders, it usually
> means it doesn't have permission to. ****
>
>  Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat
> in message r14FCB3H032743, could not create subdirectory
> r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message****
>
>  That appears to be caused by the user MailScanner is running as not
> having permission to create the file. It could also be that the disk is
> full (not likely) or that it ran out of inodes (also not likely). ****
>
>  Is the option “not to scan winmail.dat files” really an option?****
>
>  If you look for winmail.dat in the MailScanner.conf and read the
> comments therein, you'll find options such as:
> Expand TNEF = yes
> ... which has this as its comment:
> # Expand TNEF attachments using an external program (or a Perl module)?
> # This should be "yes" unless the scanner you are using (Sophos, McAfee)
> has
> # the facility built-in. However, if you set it to "no", then the filenames
> # within the TNEF attachment will not be checked against the filename
> rules.
>
> If you set it to "no" TNEF messages (those containing winmail.dat) will
> not be unpacked. Depending on your particular situation, most antivirus
> programs will still be able to detect viruses inside.
>
> You will *not*, however, be able to limit the type of files included, so
> that if you've forbidden people from sending .mov files and they send them
> in a TNEF-encoded message they will still (probably) go through.****
>
>   ****
>
> Regards****
>
> Achim****
>
>  ****
>
> *Von:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *Im Auftrag von *Alex Neuman
> *Gesendet:* Dienstag, 5. Februar 2013 20:50
> *An:* MailScanner discussion
> *Betreff:* Re: winmail.dat problem in version 4.84.5****
>
>  ****
>
> Splitting mail is something you have to *do things* for it to happen. If
> you undo the changes you made to split the e-mails (how to do this depends
> on which MTA you're using, I'm assuming sendmail from the logs), you should
> be able to avoid the problem.****
>
>  ****
>
> Do you know why splitting e-mails to multiple recipients was needed in the
> first place? Did whoever installed this prior to you taking over document
> it? The procedure is detailed here:****
>
>  ****
>
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient
> ****
>
>  ****
>
> You can also try changing which method you use to process winmail.dat
> files, or not to process them at all. The risk is minimal. Check your
> mailscanner.conf settings, there is more information in the comments.****
>
> On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de>
> wrote:****
>
> Hello,****
>
>  ****
>
> we made last week an update of our mail-gateways. We have now the
> OS-Version openSUSE12.2 and the****
>
> MailScanner-Version 4.84.5 (from 4.81.4). Unfortunately there is now a
> problem with scanning of winmail.dat****
>
> attachments?! If there is a mail with 2 recipients and a winmail.dat
> attachment, MailScanner split the mail****
>
> and try to scan it two times. The first scan is successfull, but the
> second one not?! Do you have an explanation****
>
> for the problem?****
>
>  ****
>
> Mail-Log:****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de>,
> size=274800, class=0, nrcpts=1, msgid=<
> 86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>,
> proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<
> peter at studio-hamburg.de>, delay=00:00:01, mailer=esmtp, pri=304800,
> stat=queued****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages,
> 275339 bytes****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning:
> Starting****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from
> 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam
> checks (275339 > 200000 bytes)****
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages*
> ***
>
> Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from
> processing-database****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de>,
> size=282469, class=0, nrcpts=1, msgid=<
> 86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>,
> proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]****
>
> Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<
> waller at studio-hamburg.de>, delay=00:00:00, mailer=esmtp, pri=312469,
> stat=queued****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages,
> 283011 bytes****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at
> /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in
> message r14FCB3H032743, could not create subdirectory
> r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that
> cannot be analysed in message r14FCB3H032743****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning:
> Starting****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from
> 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam
> checks (283011 > 200000 bytes)****
>
> Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned
> messages****
>
>  ****
>
> Regards****
>
> Achim****
>
>  ****
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!****
>
>
>
> ****
>
>  ****
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother.
> A cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either. ****
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!****
>
>
>
>
> --
>
> --
>
> Alex Neuman van der Hans
> Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> +507-6781-9505
> +507-832-6725
> +1-440-253-9789 (USA)
>
> Follow @AlexNeuman on Twitter
> http://facebook.com/vidadigital
>
>
> -- So-called "legal disclaimers" are not legally binding, so don't bother.
> A cute graphic saying "save the planet, don't print this" can potentially
> create more CO2, not less, so don't bother either. ****
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130208/b692b576/attachment-0001.html

More information about the MailScanner mailing list