Issue with MailScanner not blocking incoming attachments that SHOULD be denied.
mark at msapiro.net
Thu Nov 14 06:52:03 GMT 2013
On 11/13/2013 05:24 PM, Jason Young wrote:
> The file is a Windows executable ... I have tried a .exe and now also a .com
> file with the same result (mail is not blocked / quarantined).
> I put the test files onto the centos box and ran the "file" & "file -i"
> command over them
> [root at mailscanner ~]# file test.exe
> test.exe: PE32+ executable for MS Windows (console) Mono/.Net assembly
> [root at mailscanner ~]# file test.com
> test.com: PE32 executable for MS Windows (console) Intel 80386 32-bit
> [root at mailscanner ~]# file -i test.com
> test.com: application/octet-stream; charset=binary
> [root at mailscanner ~]# file -i test.exe
> test.exe: application/octet-stream; charset=binary
> I had read on a forum somewhere that someone recommended changing the
> MailScanner.conf file command to file -i .. But it does not seem to make any
It makes a difference in what is reported. I.e., file reports the files
as executable which matches 'deny executable' in filetype.rules.conf,
but file -i reports them as application/octet-stream which is not
mentioned in filetype.rules.conf and thus allowed.
man file says in part
Causes the file command to output mime type strings rather than
the more traditional human readable ones. Thus it may say
‘‘text/plain; charset=us-ascii’’ rather than ‘‘ASCII text’’.
> There does not seem to be anything in the headers about a .exe or anything
> about attachments. But outlook knows there is a .exe or .com attachment and
> it blocks it with itself.
The original headers you posted contained
>> Content-Type: multipart/mixed; boundary="----=_20131114101356_40730"
If you examine the raw message body of that message, you should see
Content-Type: text/plain; charset="..."
Content-Type: application/octet-stream; name="xxx.exe"
Content-Disposition: attachment; filename="xxx.exe"
(base 64 encoded data)
What do those Content-Type: and Content-Disposition: headers look like
for your attached file? (Sorry, I can't tell you how to view the raw
message in Outlook.)
If they do have the expected .exe or .com extension, then I don't know
what the problem might be.
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
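
An added example, not part of the original message and not MailScanner's own code: it runs the two file outputs quoted in the thread through a simplified stand-in for the 'deny executable' rule, and lists the Content-Type / Content-Disposition headers of each part of a constructed message shaped like the one described above. The rule model, function names and sample message are assumptions.

```python
import re
from email import message_from_string

# Simplified model of a filetype rule list (assumption): the first regex that
# matches the file(1) output decides; no match means the attachment is allowed.
RULES = [("deny", r"executable")]

# file(1) output strings copied from the thread.
PLAIN_OUTPUT = "PE32 executable for MS Windows (console) Intel 80386 32-bit"
MIME_OUTPUT = "application/octet-stream; charset=binary"

# Constructed sample message; the boundary is the one from the posted header,
# the payload is a two-byte dummy ("MZ" in base64), not a real program.
RAW = (
    'Content-Type: multipart/mixed; boundary="----=_20131114101356_40730"\n'
    'MIME-Version: 1.0\n'
    '\n'
    '------=_20131114101356_40730\n'
    'Content-Type: text/plain; charset="us-ascii"\n'
    '\n'
    'see attached\n'
    '------=_20131114101356_40730\n'
    'Content-Type: application/octet-stream; name="xxx.exe"\n'
    'Content-Disposition: attachment; filename="xxx.exe"\n'
    'Content-Transfer-Encoding: base64\n'
    '\n'
    'TVo=\n'
    '------=_20131114101356_40730--\n'
)

def verdict(file_output, rules=RULES):
    """Return the action of the first rule whose regex matches, else 'allow'."""
    for action, pattern in rules:
        if re.search(pattern, file_output):
            return action
    return "allow"

def attachment_headers(raw):
    """Return (content type, disposition, filename) for each leaf MIME part."""
    parts = message_from_string(raw).walk()
    return [(p.get_content_type(), p.get_content_disposition(), p.get_filename())
            for p in parts if not p.is_multipart()]

if __name__ == "__main__":
    print("file    ->", verdict(PLAIN_OUTPUT))
    print("file -i ->", verdict(MIME_OUTPUT))
    for ctype, disposition, filename in attachment_headers(RAW):
        print(ctype, disposition, filename)
```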