From mejaz at cyberia.net.sa Mon Jan 6 05:32:30 2014 From: mejaz at cyberia.net.sa (Ejaz) Date: Mon, 6 Jan 2014 08:32:30 +0300 Subject: FW: qurantine Message-ID: <7CC2DAD571314621AC41F62A7B3E4548@EJAZ> Hello, New version of Mail watch 1.2.0 cannot list quarantine messages, Other hand I am sure that I permission and MailScanner configuration is correct as per the installation note supplied by Mailwatch. Any ones. Help would be highly appreciated. Regards, __________________ Mohammed Ejaz Sr,Systems Administrator Middle East Internet Company (CYBERIA) Riyadh, Saudi Arabia Phone: +966-1-4647114 Ext: 140 Mobile +966-562311787 Fax: +966-1-4654735 E-mail: mejaz at cyberia.net.sa -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140106/9c74eaf9/attachment.html From ron.hahn at dhco.org Mon Jan 6 09:38:58 2014 From: ron.hahn at dhco.org (Ron Hahn) Date: Mon, 06 Jan 2014 09:38:58 +0000 Subject: FW: qurantine In-Reply-To: <7CC2DAD571314621AC41F62A7B3E4548@EJAZ> References: <7CC2DAD571314621AC41F62A7B3E4548@EJAZ> Message-ID: <52CA79B2.9000508@dhco.org> Hi, I have noticed this too; Have not found the reason for this behaviour as all other functions appear to work fine for many months now. Regards, Ron > Ejaz > 06 January 2014 05:32 > > Hello, > > New version of Mail watch 1.2.0 cannot list quarantine messages, Other > hand I am sure that I permission and MailScanner configuration is > correct as per the installation note supplied by Mailwatch. > > Any ones. Help would be highly appreciated. > > Regards, > __________________ > Mohammed Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > Riyadh, Saudi Arabia > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz at cyberia.net.sa > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140106/1313f11b/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: compose-unknown-contact.jpg Type: image/jpeg Size: 770 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140106/1313f11b/attachment.jpg From jerry.benton at mailborder.com Mon Jan 6 10:39:58 2014 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 6 Jan 2014 11:39:58 +0100 Subject: FW: qurantine In-Reply-To: <52CA79B2.9000508@dhco.org> References: <7CC2DAD571314621AC41F62A7B3E4548@EJAZ> <52CA79B2.9000508@dhco.org> Message-ID: Well, it does not seem to be a MailScanner issue. I have not seen this problem with Mailborder. On Mon, Jan 6, 2014 at 10:38 AM, Ron Hahn wrote: > Hi, > > I have noticed this too; Have not found the reason for this behaviour as > all other functions appear to work fine for many months now. > > Regards, > > Ron > > Ejaz > 06 January 2014 05:32 > > > > Hello, > > > > New version of Mail watch 1.2.0 cannot list quarantine messages, Other > hand I am sure that I permission and MailScanner configuration is correct > as per the installation note supplied by Mailwatch. > > > > Any ones. Help would be highly appreciated. > > > > Regards, > __________________ > Mohammed Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > Riyadh, Saudi Arabia > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz at cyberia.net.sa > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140106/eba47b57/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 770 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140106/eba47b57/attachment.jpe From ron.hahn at dhco.org Mon Jan 6 13:04:53 2014 From: ron.hahn at dhco.org (Ron Hahn) Date: Mon, 06 Jan 2014 13:04:53 +0000 Subject: FW: qurantine In-Reply-To: References: <7CC2DAD571314621AC41F62A7B3E4548@EJAZ> <52CA79B2.9000508@dhco.org> Message-ID: <52CAA9F5.5060404@dhco.org> Jerry, I also run mailborder (and mailwatch on another server); I do not see any issues with quarantine display on mailborder. However, my (old) installation of 1.2xxbeta fails to show the quarantine contents as does a fresh installation of 1.2xxbeta. IMHO this is clearly a mailwatch issue. Perhaps others on the list have seen similar behaviour. R > Jerry Benton > 06 January 2014 10:39 > Well, it does not seem to be a MailScanner issue. I have not seen this > problem with Mailborder. > > > > > > -- > > -- > Jerry Benton > Mailborder Systems > www.mailborder.com > Ron Hahn > 06 January 2014 09:38 > Hi, > > I have noticed this too; Have not found the reason for this behaviour > as all other functions appear to work fine for many months now. > > Regards, > > Ron > > Ejaz > 06 January 2014 05:32 > > Hello, > > New version of Mail watch 1.2.0 cannot list quarantine messages, Other > hand I am sure that I permission and MailScanner configuration is > correct as per the installation note supplied by Mailwatch. > > Any ones. Help would be highly appreciated. > > Regards, > __________________ > Mohammed Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > Riyadh, Saudi Arabia > Phone: +966-1-4647114 Ext: 140 > Mobile +966-562311787 > Fax: +966-1-4654735 > E-mail: mejaz at cyberia.net.sa > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140106/16acb102/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: compose-unknown-contact.jpg Type: image/jpeg Size: 770 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140106/16acb102/attachment.jpg From Denis.Beauchemin at usherbrooke.ca Fri Jan 17 13:20:11 2014 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Fri, 17 Jan 2014 13:20:11 +0000 Subject: phishing.bad.sites.conf problem Message-ID: Hello, Why is www.dropbox.com in phishing.bad.sites.conf? I tried to add it to phishing.safe.sites.conf to override this listing but the safe sites don't supersede the bad sites. Can anybody remove www.dropbox.com from phishing.bad.sites.conf please? Thanks! Denis From IversonS at rushville.k12.in.us Mon Jan 20 12:44:41 2014 From: IversonS at rushville.k12.in.us (Shawn Iverson) Date: Mon, 20 Jan 2014 07:44:41 -0500 Subject: Inline Signature Add Custom Variable Message-ID: <52DCD3E9020000D50004B6EC@mail.rushville.k12.in.us> To MailScanner Listserv: I am attempting to add a custom variable to an inline signature. id=$id works fine, but if I add token=$token, the line disappears from the signature in HTML and is missing at that point in the TXT signature. I am wanting to pass a token so that the CGI script that I am calling can use it to pass a message to sa-learn more securely. I attempted to modify code in Message.pm to alleviate this, but I am having trouble locating what is causing this. Even when I explicitly define a static $token in Message.pm in the ReadVirusWarning subroutine, it is ignored. Shawn Iverson Rush County Schools District Technology Coordinator iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140120/34be8288/attachment.html From joh.hendriks at gmail.com Mon Jan 20 13:22:07 2014 From: joh.hendriks at gmail.com (Johan Hendriks) Date: Mon, 20 Jan 2014 14:22:07 +0100 Subject: Double File extension Message-ID: <52DD22FF.8080800@gmail.com> Hello all. I have mailscanner running and it all works quite well. The only thing i encounter is that people use a lot of (.) in there files, and this triggers the deny rule of multiple extensions. Is there a way to only check the last two extensions, and only block if both are three caracters long? regards Johan From jerry.benton at mailborder.com Mon Jan 20 14:15:57 2014 From: jerry.benton at mailborder.com (Jerry Benton) Date: Mon, 20 Jan 2014 15:15:57 +0100 Subject: Double File extension In-Reply-To: <52DD22FF.8080800@gmail.com> References: <52DD22FF.8080800@gmail.com> Message-ID: Johan, I would suggest just allowing the multiple file extensions. The idea behind this check is pretty old and has been overcome by modern times and methods. You would still drive customers crazy if you blocked: document.Jan.doc document.feb.doc etc. On Mon, Jan 20, 2014 at 2:22 PM, Johan Hendriks wrote: > Hello all. > > I have mailscanner running and it all works quite well. > The only thing i encounter is that people use a lot of (.) in there > files, and this triggers the deny rule of multiple extensions. > > Is there a way to only check the last two extensions, and only block if > both are three caracters long? > > regards > > Johan > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Jerry Benton Mailborder Systems www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140120/2df78325/attachment.html From alex at vidadigital.com.pa Mon Jan 20 14:25:07 2014 From: alex at vidadigital.com.pa (Alex Neuman) Date: Mon, 20 Jan 2014 09:25:07 -0500 Subject: Double File extension In-Reply-To: <52DD22FF.8080800@gmail.com> References: <52DD22FF.8080800@gmail.com> Message-ID: Yes. You could create a perl regular expression (regexp) that can match that. Here's more info: http://perldoc.perl.org/perlretut.html Otherwise just comment out with a # the double extension rule and match on .exe, .com, .pif, .scr and such. It's much easier than hitting your users upside the head with a clue-by-four. *Alex Neuman van der Hans*Reliant Technologies / Vida Digital http://vidadigital.com.pa/ Mobile: +507-6781-9505 Work: +507-832-6725 Work (USA): +1-440-253-9789 Follow *@AlexNeuman * on Twitter Like Vida Digital on Facebook Follow VidaDigital on Instagram Subscribe to Vida Digital on Youtube On Mon, Jan 20, 2014 at 8:22 AM, Johan Hendriks wrote: > Hello all. > > I have mailscanner running and it all works quite well. > The only thing i encounter is that people use a lot of (.) in there > files, and this triggers the deny rule of multiple extensions. > > Is there a way to only check the last two extensions, and only block if > both are three caracters long? > > regards > > Johan > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140120/b2454d30/attachment.html From peter at farrows.org Mon Jan 20 14:53:45 2014 From: peter at farrows.org (Peter Farrow) Date: Mon, 20 Jan 2014 14:53:45 +0000 Subject: Double File extension In-Reply-To: References: <52DD22FF.8080800@gmail.com> Message-ID: <52DD3879.1030006@farrows.org> I disagree, hiding windows file extensions is a simple and easy way to fool the end user. Personally I would never allow double-barreled extensions. Do this at your peril. P. On 20/01/2014 14:15, Jerry Benton wrote: > Johan, > > I would suggest just allowing the multiple file extensions. The idea > behind this check is pretty old and has been overcome by modern times > and methods. You would still drive customers crazy if you blocked: > > document.Jan.doc > document.feb.doc > > etc. > > > > On Mon, Jan 20, 2014 at 2:22 PM, Johan Hendriks > > wrote: > > Hello all. > > I have mailscanner running and it all works quite well. > The only thing i encounter is that people use a lot of (.) in there > files, and this triggers the deny rule of multiple extensions. > > Is there a way to only check the last two extensions, and only > block if > both are three caracters long? > > regards > > Johan > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > > -- > Jerry Benton > Mailborder Systems > www.mailborder.com > > -- > This message has been scanned for viruses and > dangerous content by the *Togethia MailScanner* > , and is > believed to be clean. > Scanner:local > > -- horizontal ruler Peter Farrow avatar ______________________ Home: 01249 654183 Fax: 01249 461 548 Mobile: 07799605617 Skype: peter_farrow Web: www.peterfarrow.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140120/c5563a55/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: orange_spacer.gif Type: image/gif Size: 57 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140120/c5563a55/attachment.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: avatar.gif Type: image/gif Size: 8198 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140120/c5563a55/attachment-0001.gif From rcooper at dwford.com Mon Jan 20 15:41:30 2014 From: rcooper at dwford.com (Rick Cooper) Date: Mon, 20 Jan 2014 10:41:30 -0500 Subject: Double File extension In-Reply-To: <52DD22FF.8080800@gmail.com> References: <52DD22FF.8080800@gmail.com> Message-ID: <84CE22A41C144AFBA8528AE1B910EEC4@SAHOMELT> Johan Hendriks wrote: > Hello all. > > I have mailscanner running and it all works quite well. > The only thing i encounter is that people use a lot of (.) in there > files, and this triggers the deny rule of multiple extensions. > > Is there a way to only check the last two extensions, and only block > if both are three caracters long? > > regards > > Johan An express like .*\.(.+?)\.(?:exe|com|bin|msi|scr|vb[es]|bat|chf|cmd|pif)$ Would block double extensions where the final extension is executable so doc.jan.xls would not trigger but doc.jan.xls.exe would. Of course you still have to block executables within archives because renaming doc.jan.exe to doc.jan.txt would defeat the filename rules. And you would also have to decide what extensions to block because maybe you don't care about .msi files or shortcuts Rick From pas at unh.edu Mon Jan 20 15:42:05 2014 From: pas at unh.edu (Paul A Sand) Date: Mon, 20 Jan 2014 10:42:05 -0500 Subject: Double File extension In-Reply-To: <52DD3879.1030006@farrows.org> References: <52DD22FF.8080800@gmail.com> <52DD3879.1030006@farrows.org> Message-ID: <20140120154205.GA8656@cisunix.unh.edu> * Peter Farrow [2014-01-20 10:00]: > hiding windows file extensions is a simple and easy way to fool the > end user. > > Personally I would never allow double-barreled extensions. An alternative path is renaming. What we did awhile back (in filename.rules.conf) was to change the ?deny? rule at the end to: rename to _$1.$2 \.([a-z][a-z0-9]{2,3}\s*)\.([a-z0-9]{3})$ E.g., ?feefie.foe.fum? becomes ?feefie_foe.fum?. I think. It?s been awhile. It has really cut back on the gripes from false positives. -- -- Paul A Sand -- Information Technology / University of New Hampshire -- http://pubpages.unh.edu/~pas -- Sender does not have combination to safe. From Support at ait-systems.nl Mon Jan 20 15:47:56 2014 From: Support at ait-systems.nl (Support) Date: Mon, 20 Jan 2014 16:47:56 +0100 Subject: qurantine In-Reply-To: <050A2B31021C4E49AB8BAFB06CA246EE14AE8E@aitsnt01.ait-systems.local> References: <050A2B31021C4E49AB8BAFB06CA246EE14AE8E@aitsnt01.ait-systems.local> Message-ID: <60A0124E9A637E4D8E52609D021BAA3B1B4C81@aitsnt01.ait-systems.local> Hi, Sorry for the late reply. There is a bug in quarantine.php. I am not sure if this is the correct place to discuss this but: As far as I can remember you need to change: $sql = "SELECT id FROM maillog WHERE ".$_SESSION['global_filter']." AND dat e='$date' AND quarantined=1"; to $sql = "SELECT id FROM maillog WHERE (".$_SESSION['global_filter'].") AND date='$date' AND quarantined=1"; Pieter Jasperse From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Ejaz Sent: maandag 6 januari 2014 6:42 To: Mailscannerlist at ait-systems.nl Subject: FW: qurantine Hello, New version of Mail watch 1.2.0 cannot list quarantine messages, Other hand I am sure that I permission and MailScanner configuration is correct as per the installation note supplied by Mailwatch. Any ones. Help would be highly appreciated. Regards, __________________ Mohammed Ejaz Sr,Systems Administrator Middle East Internet Company (CYBERIA) Riyadh, Saudi Arabia Phone: +966-1-4647114 Ext: 140 Mobile +966-562311787 Fax: +966-1-4654735 E-mail: mejaz at cyberia.net.sa -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140120/8b5e3e35/attachment.html From Antony.Stone at mailscanner.open.source.it Mon Jan 20 16:21:07 2014 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Mon, 20 Jan 2014 17:21:07 +0100 Subject: Double File extension In-Reply-To: <84CE22A41C144AFBA8528AE1B910EEC4@SAHOMELT> References: <52DD22FF.8080800@gmail.com> <84CE22A41C144AFBA8528AE1B910EEC4@SAHOMELT> Message-ID: <201401201721.08225.Antony.Stone@mailscanner.open.source.it> On Monday 20 January 2014 at 16:41:30, Rick Cooper wrote: > Johan Hendriks wrote: > > Hello all. > > > > I have mailscanner running and it all works quite well. > > The only thing i encounter is that people use a lot of (.) in there > > files, and this triggers the deny rule of multiple extensions. > > > > Is there a way to only check the last two extensions, and only block > > if both are three caracters long? > > An express like .*\.(.+?)\.(?:exe|com|bin|msi|scr|vb[es]|bat|chf|cmd|pif)$ > > Would block double extensions where the final extension is executable so > doc.jan.xls would not trigger but doc.jan.xls.exe would. Of course you > still have to block executables within archives because renaming > doc.jan.exe to doc.jan.txt would defeat the filename rules. And you would > also have to decide what extensions to block because maybe you don't care > about .msi files or shortcuts I would not block on filename (because of examples such as given previously - document.jan.doc etc), but on content. Use MailScanner's built-in and plug-in content scanning facilities to block executable content, malicious content, and inappropriate filetypes for you organisation, and let the users (or more often the people sending stuff to your users) choose whatever filenames they like. I don't have an example to hand, but I'm sure there must be examples of legitimate filenames with two 3-letter extensions, both of which appear on the list of "dangerous" extensions, simply because the document creator doesn't think about what Windows considers to be "executable". Regards, Antony. -- Most people are aware that the Universe is big. - Paul Davies, Professor of Theoretical Physics Please reply to the list; please don't CC me. From IversonS at rushville.k12.in.us Tue Jan 21 13:14:46 2014 From: IversonS at rushville.k12.in.us (Shawn Iverson) Date: Tue, 21 Jan 2014 08:14:46 -0500 Subject: Inline Signature Add Custom Variable Message-ID: <52DE2C76020000D50004B8A4@mail.rushville.k12.in.us> To MailScanner Listserv: Problem solved. I reused code from Messages.pm in CustomAction.pm to append the token. Basically I copied SignUninfected, AppendCleanSignedMessage, and ReadVirusWarning and reworked the code slightly, so that I could pass the message object up and down the stack. :) Shawn Iverson Rush County Schools District Technology Coordinator iversons at rushville.k12.in.us >>> Shawn Iverson 1/20/2014 7:44 AM >>> To MailScanner Listserv: I am attempting to add a custom variable to an inline signature. id=$id works fine, but if I add token=$token, the line disappears from the signature in HTML and is missing at that point in the TXT signature. I am wanting to pass a token so that the CGI script that I am calling can use it to pass a message to sa-learn more securely. I attempted to modify code in Message.pm to alleviate this, but I am having trouble locating what is causing this. Even when I explicitly define a static $token in Message.pm in the ReadVirusWarning subroutine, it is ignored. Shawn Iverson Rush County Schools District Technology Coordinator iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140121/ea6c6c01/attachment.html From joh.hendriks at gmail.com Tue Jan 21 14:04:08 2014 From: joh.hendriks at gmail.com (Johan Hendriks) Date: Tue, 21 Jan 2014 15:04:08 +0100 Subject: Double File extension In-Reply-To: <201401201721.08225.Antony.Stone@mailscanner.open.source.it> References: <52DD22FF.8080800@gmail.com> <84CE22A41C144AFBA8528AE1B910EEC4@SAHOMELT> <201401201721.08225.Antony.Stone@mailscanner.open.source.it> Message-ID: <52DE7E58.2010206@gmail.com> Antony Stone schreef: > On Monday 20 January 2014 at 16:41:30, Rick Cooper wrote: > >> Johan Hendriks wrote: >>> Hello all. >>> >>> I have mailscanner running and it all works quite well. >>> The only thing i encounter is that people use a lot of (.) in there >>> files, and this triggers the deny rule of multiple extensions. >>> >>> Is there a way to only check the last two extensions, and only block >>> if both are three caracters long? >> An express like .*\.(.+?)\.(?:exe|com|bin|msi|scr|vb[es]|bat|chf|cmd|pif)$ >> >> Would block double extensions where the final extension is executable so >> doc.jan.xls would not trigger but doc.jan.xls.exe would. Of course you >> still have to block executables within archives because renaming >> doc.jan.exe to doc.jan.txt would defeat the filename rules. And you would >> also have to decide what extensions to block because maybe you don't care >> about .msi files or shortcuts > I would not block on filename (because of examples such as given previously - > document.jan.doc etc), but on content. > > Use MailScanner's built-in and plug-in content scanning facilities to block > executable content, malicious content, and inappropriate filetypes for you > organisation, and let the users (or more often the people sending stuff to your > users) choose whatever filenames they like. > > I don't have an example to hand, but I'm sure there must be examples of > legitimate filenames with two 3-letter extensions, both of which appear on the > list of "dangerous" extensions, simply because the document creator doesn't > think about what Windows considers to be "executable". > > > Regards, > > > Antony. > Thank you all for the reply's i am going to try some of the given options! Thanks again regards Johan Hendriks From IversonS at rushville.k12.in.us Sun Jan 26 18:29:50 2014 From: IversonS at rushville.k12.in.us (Shawn Iverson) Date: Sun, 26 Jan 2014 13:29:50 -0500 Subject: Custom Action support for MCP Actions Message-ID: <52E50DCE020000D50004C191@mail.rushville.k12.in.us> Spam Actions currently support use of custom(). Can support be added for MCP Actions as well? All that is needed is the following code is in MCPMessage.pm in the " foreach $action (@actions) {" loop # Begin Code Added if ($action =~ /^custom$(.*)$/) { MailScanner::Config::CallCustomAction($this, 'yes', $1); $action = 'custom'; } # End Code Added Shawn Iverson Rush County Schools District Technology Coordinator iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140126/f4227cab/attachment.html From IversonS at rushville.k12.in.us Mon Jan 27 22:48:00 2014 From: IversonS at rushville.k12.in.us (Shawn Iverson) Date: Mon, 27 Jan 2014 17:48:00 -0500 Subject: Deliver Cleaned Messages = yes (bypasses spam engine) Message-ID: <52E69BD0020000D50004C35D@mail.rushville.k12.in.us> Is there a way to configure MailScanner so that Deliver Cleaned Messages still get checked as spam and not blindly delivered without spam checks? Shawn Iverson Rush County Schools District Technology Coordinator iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140127/ff6981d8/attachment.html From jerry.benton at mailborder.com Mon Jan 27 23:46:01 2014 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 28 Jan 2014 00:46:01 +0100 Subject: Deliver Cleaned Messages = yes (bypasses spam engine) In-Reply-To: <52E69BD0020000D50004C35D@mail.rushville.k12.in.us> References: <52E69BD0020000D50004C35D@mail.rushville.k12.in.us> Message-ID: <52E6EFB9.5080809@mailborder.com> Shawn, Why would you want to have an email delivered that arrived with a virus attached to it in the first place? I cannot think of any circumstance where you would want to. Keep in mind that viruses are not "bad files". For example, a .exe (if not allowed by your policy) would be a bad file. Not a virus. Jerry Benton www.mailborder.com Shawn Iverson wrote: > > Deliver Cleaned Messages -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140128/41d34a74/attachment.html From IversonS at rushville.k12.in.us Tue Jan 28 01:37:46 2014 From: IversonS at rushville.k12.in.us (Shawn Iverson) Date: Mon, 27 Jan 2014 20:37:46 -0500 Subject: Deliver Cleaned Messages = yes (bypasses spam engine) In-Reply-To: <52E6EFB9.5080809@mailborder.com> References: <52E69BD0020000D50004C35D@mail.rushville.k12.in.us> <52E6EFB9.5080809@mailborder.com> Message-ID: <52E6C39A020000D50004C367@mail.rushville.k12.in.us> Spam can have viruses attached. Just because it has a virus, and the virus is removed, doesn't mean that the email itself should be delivered without checking against the spam engine. That is what is happening. The virus is removed, and the email is delivered without a spam score. Shawn Iverson Rush County Schools District Technology Coordinator iversons at rushville.k12.in.us >>> Jerry Benton 1/27/2014 6:46 PM >>> Shawn, Why would you want to have an email delivered that arrived with a virus attached to it in the first place? I cannot think of any circumstance where you would want to. Keep in mind that viruses are not "bad files". For example, a .exe (if not allowed by your policy) would be a bad file. Not a virus. Jerry Benton www.mailborder.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140127/1c921282/attachment.html From michael at huntley.net Tue Jan 28 02:13:37 2014 From: michael at huntley.net (Michael Huntley) Date: Mon, 27 Jan 2014 18:13:37 -0800 Subject: Deliver Cleaned Messages = yes (bypasses spam engine) In-Reply-To: <52E6C39A020000D50004C367@mail.rushville.k12.in.us> References: <52E69BD0020000D50004C35D@mail.rushville.k12.in.us> <52E6EFB9.5080809@mailborder.com> <52E6C39A020000D50004C367@mail.rushville.k12.in.us> Message-ID: <52E71251.90606@huntley.net> Shawn, do you have Spam Checks = yes in MailScanner.conf? Cheers, Michael Huntley On 1/27/2014 5:37 PM, Shawn Iverson wrote: > Spam can have viruses attached. Just because it has a virus, and the > virus is removed, doesn't mean that the email itself should be delivered > without checking against the spam engine. That is what is happening. > The virus is removed, and the email is delivered without a spam score. > > > Shawn Iverson > Rush County Schools > District Technology Coordinator > iversons at rushville.k12.in.us >>>> Jerry Benton 1/27/2014 6:46 PM >>> > Shawn, > > Why would you want to have an email delivered that arrived with a virus > attached to it in the first place? I cannot think of any circumstance > where you would want to. Keep in mind that viruses are not "bad files". > For example, a .exe (if not allowed by your policy) would be a bad file. > Not a virus. > > Jerry Benton > www.mailborder.com > > >> >> > > From IversonS at rushville.k12.in.us Tue Jan 28 04:06:50 2014 From: IversonS at rushville.k12.in.us (Shawn Iverson) Date: Mon, 27 Jan 2014 23:06:50 -0500 Subject: Deliver Cleaned Messages = yes (bypasses spam engine) In-Reply-To: <52E71251.90606@huntley.net> References: <52E69BD0020000D50004C35D@mail.rushville.k12.in.us> <52E6EFB9.5080809@mailborder.com> <52E6C39A020000D50004C367@mail.rushville.k12.in.us> <52E71251.90606@huntley.net> Message-ID: <52E6E68A020000D50004C373@mail.rushville.k12.in.us> yes Shawn Iverson Rush County Schools District Technology Coordinator iversons at rushville.k12.in.us >>> Michael Huntley 1/27/2014 9:13 PM >>> Shawn, do you have Spam Checks = yes in MailScanner.conf? Cheers, Michael Huntley On 1/27/2014 5:37 PM, Shawn Iverson wrote: > Spam can have viruses attached. Just because it has a virus, and the > virus is removed, doesn't mean that the email itself should be delivered > without checking against the spam engine. That is what is happening. > The virus is removed, and the email is delivered without a spam score. > > > Shawn Iverson > Rush County Schools > District Technology Coordinator > iversons at rushville.k12.in.us >>>> Jerry Benton 1/27/2014 6:46 PM >>> > Shawn, > > Why would you want to have an email delivered that arrived with a virus > attached to it in the first place? I cannot think of any circumstance > where you would want to. Keep in mind that viruses are not "bad files". > For example, a .exe (if not allowed by your policy) would be a bad file. > Not a virus. > > Jerry Benton > www.mailborder.com > > >> >> > > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by E.F.A. Project, and is believed to be clean. Click here to report this message as spam. https://efa.rushville.k12.in.us/cgi-bin/learn-msg.cgi?id=8F2CB8150F.A24E6&token=4388421183ea48fb12a1107b937fa403 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140127/d160d969/attachment.html From jerry.benton at mailborder.com Tue Jan 28 05:15:33 2014 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 28 Jan 2014 06:15:33 +0100 Subject: Deliver Cleaned Messages = yes (bypasses spam engine) In-Reply-To: <52E6E68A020000D50004C373@mail.rushville.k12.in.us> References: <52E69BD0020000D50004C35D@mail.rushville.k12.in.us> <52E6EFB9.5080809@mailborder.com> <52E6C39A020000D50004C367@mail.rushville.k12.in.us> <52E71251.90606@huntley.net> <52E6E68A020000D50004C373@mail.rushville.k12.in.us> Message-ID: <52E73CF5.9070307@mailborder.com> Shawn, I think you missed my point. Set: Deliver Cleaned Messages = no As it is very unlikely that you are going to find an email that is not spam that accidentally had a virus attached by someone. I have checked some logs and all checks stop once a virus is found. -- Jerry Benton www.mailborder.com > Shawn Iverson > January 28, 2014 at 5:06 AM > yes > > Shawn Iverson > Rush County Schools > District Technology Coordinator > iversons at rushville.k12.in.us > >>> Michael Huntley 1/27/2014 9:13 PM >>> > Shawn, > > do you have Spam Checks = yes in MailScanner.conf? > > Cheers, > > Michael Huntley > > On 1/27/2014 5:37 PM, Shawn Iverson wrote: > > Spam can have viruses attached. Just because it has a virus, and the > > virus is removed, doesn't mean that the email itself should be delivered > > without checking against the spam engine. That is what is happening. > > The virus is removed, and the email is delivered without a spam score. > > > > > > Shawn Iverson > > Rush County Schools > > District Technology Coordinator > > iversons at rushville.k12.in.us > >>>> Jerry Benton 1/27/2014 6:46 PM >>> > > Shawn, > > > > Why would you want to have an email delivered that arrived with a virus > > attached to it in the first place? I cannot think of any circumstance > > where you would want to. Keep in mind that viruses are not "bad files". > > For example, a .exe (if not allowed by your policy) would be a bad file. > > Not a virus. > > > > Jerry Benton > > www.mailborder.com > > > > > >> > >> > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > This message has been scanned for viruses and dangerous content by > E.F.A. Project, and is believed to be clean. > > Click here to report this message as spam. > https://efa.rushville.k12.in.us/cgi-bin/learn-msg.cgi?id=8F2CB8150F.A24E6&token=4388421183ea48fb12a1107b937fa403 > > > Michael Huntley > January 28, 2014 at 3:13 AM > Shawn, > > do you have Spam Checks = yes in MailScanner.conf? > > Cheers, > > Michael Huntley > Shawn Iverson > January 28, 2014 at 2:37 AM > Spam can have viruses attached. Just because it has a virus, and the > virus is removed, doesn't mean that the email itself should be > delivered without checking against the spam engine. That is what is > happening. The virus is removed, and the email is delivered without a > spam score. > > Shawn Iverson > Rush County Schools > District Technology Coordinator > iversons at rushville.k12.in.us > >>> Jerry Benton 1/27/2014 6:46 PM >>> > Shawn, > > Why would you want to have an email delivered that arrived with a > virus attached to it in the first place? I cannot think of any > circumstance where you would want to. Keep in mind that viruses are > not "bad files". For example, a .exe (if not allowed by your policy) > would be a bad file. Not a virus. > > Jerry Benton > www.mailborder.com > > > Jerry Benton > January 28, 2014 at 12:46 AM > Shawn, > > Why would you want to have an email delivered that arrived with a > virus attached to it in the first place? I cannot think of any > circumstance where you would want to. Keep in mind that viruses are > not "bad files". For example, a .exe (if not allowed by your policy) > would be a bad file. Not a virus. > > Jerry Benton > www.mailborder.com > > > Shawn Iverson wrote: > Shawn Iverson > January 27, 2014 at 11:48 PM > Is there a way to configure MailScanner so that Deliver Cleaned > Messages still get checked as spam and not blindly delivered without > spam checks? > Shawn Iverson > Rush County Schools > District Technology Coordinator > iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140128/2d7cae6a/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: compose-unknown-contact.jpg Type: image/jpeg Size: 770 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140128/2d7cae6a/attachment.jpg From IversonS at rushville.k12.in.us Tue Jan 28 05:34:10 2014 From: IversonS at rushville.k12.in.us (Shawn Iverson) Date: Tue, 28 Jan 2014 00:34:10 -0500 Subject: Deliver Cleaned Messages = yes (bypasses spam engine) In-Reply-To: <52E73CF5.9070307@mailborder.com> References: <52E69BD0020000D50004C35D@mail.rushville.k12.in.us> <52E6EFB9.5080809@mailborder.com> <52E6C39A020000D50004C367@mail.rushville.k12.in.us> <52E71251.90606@huntley.net> <52E6E68A020000D50004C373@mail.rushville.k12.in.us> <52E73CF5.9070307@mailborder.com> Message-ID: <52E6FB02020000D50004C382@mail.rushville.k12.in.us> Jerry, Thanks for the clarification. I will do this. This makes sense. Shawn Iverson Rush County Schools District Technology Coordinator iversons at rushville.k12.in.us >>> Jerry Benton 1/28/2014 12:15 AM >>> Shawn, I think you missed my point. Set: Deliver Cleaned Messages = no As it is very unlikely that you are going to find an email that is not spam that accidentally had a virus attached by someone. I have checked some logs and all checks stop once a virus is found. -- Jerry Benton www.mailborder.com . ( https://efa.rushville.k12.in.us/cgi-bin/learn-msg.cgi?id=EDF9D81565.A49D9&token=bf9dc1fffab6d960e23d19d9c256ccf4 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140128/a5d333ae/attachment.html From tiago at tiagoti.com.br Fri Jan 31 15:09:53 2014 From: tiago at tiagoti.com.br (Tiago Eduardo Zacarias) Date: Fri, 31 Jan 2014 13:09:53 -0200 Subject: Filter-Files Message-ID: <52EBBCC1.80600@tiagoti.com.br> Good Morning List MailScanner, I ha a few days trying to accomplish in the file filter mailscanner unsuccessfully already realized reinstalling it with all dependencies, and even by setting the parameters to allow and deny files to the files filetypes but I can not perform the filter in mailscanner if I send out direct aqruivo example executable type attached zipped or not the mailscanner blocks, like a support to this problem. Attached the file mailscanner. Thank you. CPU = Pentium 4 3 Ghz Postfix Version: 2.6.6-2.2 MailScanner Version: 4.84.6-1 From maxsec at gmail.com Fri Jan 31 16:15:14 2014 From: maxsec at gmail.com (Martin Hepworth) Date: Fri, 31 Jan 2014 16:15:14 +0000 Subject: Filter-Files In-Reply-To: <52EBBCC1.80600@tiagoti.com.br> References: <52EBBCC1.80600@tiagoti.com.br> Message-ID: What have you tried with the filetypes thats doesnt work and did you start and stop MailScanner after the change? -- Martin Hepworth, CISSP Oxford, UK On 31 January 2014 15:09, Tiago Eduardo Zacarias wrote: > Good Morning List MailScanner, > > I ha a few days trying to accomplish in the file filter mailscanner > unsuccessfully already realized reinstalling it with all dependencies, > and even by setting the parameters to allow and deny files to the files > filetypes but I can not perform the filter in mailscanner if I send out > direct aqruivo example executable type attached zipped or not the > mailscanner blocks, like a support to this problem. > > > Attached the file mailscanner. > > > Thank you. > > CPU = Pentium 4 3 Ghz > Postfix Version: 2.6.6-2.2 > MailScanner Version: 4.84.6-1 > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140131/d6e5c8d8/attachment.html