Filename Restrictions Not working

James Nelson James.Nelson at vgt.net
Thu Feb 19 14:47:11 GMT 2015


Hi Kevin,

I never touched the filename\type rules or their associated line items in MailScanner.conf until I realized it wasn't working, so they have failed in both a virgin state and in a "test" state, trying various configurations that I've seen work for other people.  I'm not defining anything as an allowed filetype, so that shouldn't be tripping me up I don't think.

This front-ends an Exchange system, and if I can't get it working I could use Exchange transport rules to disallow these filetypes, I just hate to do that because it puts processing back on my backend production mail system, as well as losing the ability to search within the contents of an archived file.  I don't want to have to put a blanket block on zip files as in the old days, I would much rather leverage MailScanner's ability to block only those that contain malicious filetypes.



"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Wednesday, February 18, 2015 6:21 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Do you have filename.rules and filetype.rules files or did you edit MailScanner.conf?

Here's my filename/type rules.  They're the default.  I presume they match yours.

/etc/MailScanner # cat filename.rules
From:           127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:       default         /etc/MailScanner/filename.rules.conf

/etc/MailScanner # cat filetype.rules
From:           127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:       default         /etc/MailScanner/filetype.rules.conf

/etc/MailScanner # cat filename.rules.allowall.conf 
allow   .*      -       -

A while back I was having an issue where an Office365 Word doc was getting flagged as an executable and blocked.  I tried using the "Allow Filenames" and "Allow Filetypes" in MailScanner.conf.  The notes in there said that I'd have to an entry for both name and type.  I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I".  (I was trying to allow .dat files with a four character name composed of hexadecimal characters.  Specifically 0000.dat but not limited to it.)   The notes said the exception would have to match both rules to pass.  It didn't.  It had the odd effect of letting any .exe file through regardless of the name.

Have you tried reverting the filename.rules and filetype.rules back to the stock setting and mucking around in filename.rules.conf or filetype.rules.conf instead?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


More information about the MailScanner mailing list