Issue with MailScanner not blocking incoming attachments that SHOULD be denied.

Jason Young jyoung71 at
Thu Nov 14 01:24:50 GMT 2013

Hi Mark,

The file is a windows executable ... I have tried a .exe and now also a .com
file wit hteh same result (mail is not blocked / quarantined).

I put the test files onto the centos box and ran the "file" & "file -i"
command over them

[root at mailscanner ~]# file test.exe
test.exe: PE32+ executable for MS Windows (console) Mono/.Net assembly
[root at mailscanner ~]# file PE32 executable for MS Windows (console) Intel 80386 32-bit
[root at mailscanner ~]# file -i application/octet-stream; charset=binary
[root at mailscanner ~]# file -i test.exe
test.exe: application/octet-stream; charset=binary

I had read on a forum somewhere that someone recommended changing the
MailScanner.conf file command to file -i .. But it does not seem to make any

There does not seem to be anything in the headers about a .exe or anything
about attachments.  But outlook knows there is a .exe or .com attachment and
it blocks it with itself.


Jason Young

-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of Mark Sapiro
Sent: Thursday, 14 November 2013 10:25 AM
To: mailscanner at
Subject: Re: Issue with MailScanner not blocking incoming attachments that
SHOULD be denied.

On 11/13/2013 03:35 PM, Jason Young wrote:
> My testing has so far been to use an external mail server to send an 
> attached windows executable file (.exe) to an internal exchange 
> account.  I have tried both using an outlook external client and also 
> a native Linux based web client with the same result (i.e. the exe 
> file is delivered to the exchange account).

Is the file actually a DOS executable file, i.e., what does the CentOS
'file' command say it is?

> And the email that arrives has the following header (extract):
> Content-Type: multipart/mixed; boundary="----=_20131114101356_40730"

And what are the part headers for the attached file? I.e. does it have a
name and does the name end in .exe?

> Running MailScanner -lint gives the following output :
> ======================================================================
> =====
> Filename Checks: Windows/DOS Executable (1

Here MailScanner recognizes a .com. Have you tried a .com in your testing.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

This email is free from viruses and malware because avast! Antivirus protection is active.

More information about the MailScanner mailing list