Filename wrongly triggers CLSID-Rule in Filename.rules.conf

Glenn Steen glenn.steen at gmail.com
Mon Apr 27 21:01:02 UTC 2015 

Not strange at all:
When you download the file, it'll be renamed to the sanitized name,
which will pass through just dandy.
When you release the message, it still contain the CLSID thing, and
will trigger the same rule. One can set things so that you don't use
the same rules for released messages, but that may be a bit involved.
I usually just use WinSCP to download the attachment directly from the
quarantine.

Cheers!
-- 
-- Glenn

On 27 March 2015 at 16:10, Heino Backhaus
<heino.backhaus at fink-computer.de> wrote:
>
> Hello All,
>
>
> I've enjoyed using mailscanner for many years now. Thanks to all.
> I would realy appreciate your help with a problem i was running across.
>
> An attached bitmap (a companys logo) triggeres wrongly the CLSID
> Filename rule.
>
> The MailWatch report says:
> Report:    MailScanner: Files containing CLSID's are trying to hide
> their real type (CLIP-%7B8EC58011.bmp)
>
> The corresponding rule from filename.rules.conf is stated below:
>
> # Deny filenames containing CLSID's
> deny    \{[a-hA-H0-9-]{25,}\}   Filename trying to hide its real type
>                        Files containing  CLSID's are trying to hide
> their real type
>
> The first question is. Does Mailscanner rename a file with a CLSID in
> the filename to something like this: CLIP-%7B8EC58011.bmp ?
>
> A strange thing is that this file downloaded from Mailwatch and attached
> to a new (html) mail will pass the Mailscanner.
> So i think it's renamed...
> But when you try to release the mail from quarantine it triggers
> the CLSID-Rule again ... I'm a little confused about this and need help.
>
>
> My Softwareversions are:
>
> MailWatch Version = 1.2.0 - Beta 5
>
> MailScanner Version = 4.84.6
>
> PHP Version = 5.5.9-1ubuntu4.7
>
> MySQL Version = 5.5.41-0ubuntu0.14.04.1
>
>
> Thanks in advance.
> -Heino
>
> --
>
> "In retrospect it becomes clear that hindsight is definitely overrated!"
>
>    -Alfred E. Neumann
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!



-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list