Whitelisting an email sender and/or files
Denis Beauchemin
Denis.Beauchemin at usherbrooke.ca
Tue Apr 22 19:08:41 IST 2014
Don't forget that there are 2 different mechanisms for checking the attachments: the first one checks the name of the attachment and the second one check the contents of the attachment with the "file" command.
# Set where to find the attachment filename ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their name, regardless of
# whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
Filename Rules = %etc-dir%/filename.rules.conf
# Where the "file" command is installed.
# This is used for checking the content type of files, regardless of their
# filename.
# To disable Filetype checking, set this value to blank.
File Command = /usr/bin/file
# Set where to find the attachment filetype ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their content as determined
# by the "file" command, regardless of whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
#
# To disable this feature, set this to just "Filetype Rules =" or set
# the location of the file command to a blank string.
Filetype Rules = %etc-dir%/filetype.rules.conf
I also found this third mechanism:
# Allow any attachment MIME types matching any of the patterns listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Allow File MIME Types =
# Deny any attachment MIME types matching any of the patterns listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Deny File MIME Types =
And don't forget the settings for files within archives!
Denis
-----Message d'origine-----
De : mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Antony Stone
Envoyé : 22 avril 2014 12:13
À : MailScanner discussion
Objet : Re: Whitelisting an email sender and/or files
On Tuesday 22 April 2014 at 16:00, Götz Reinicke - IT Koordinator wrote:
> # für Confluence
> allow \likes.like.png$ - -
> allow \confluence.mail.templates.view.page.png$ - -
>
> But confluence.mail.templates.view.page.png is still catched as hiding
> real filename.
>
> Or is the syntax wrong? dose it has to have the regex \...$ ?
Do the above rules come before or after something more generic, which would also match the filename?
As far as I recall, the rules in this file are processed in order, first match wins, so you'd need to make sure your rules for Confluence come before the rules for generic filenames.
Regards,
Antony.
--
"640 kilobytes (of RAM) should be enough for anybody."
- Bill Gates
Please reply to the list;
please don't CC me.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list