Filename Restrictions Not working

[James Nelson]

One thing of note...maybe, maybe not...is that when I run MailScanner --lint , I notice this:

Filename Checks: Windows/DOS Executable (1 eicar.com)
Filetype Checks: Allowing 1 eicar.com (no match found)

If my filename\type checks were working, shouldn't it be denying that type, given that I have excecutables configured (as default) to deny in my filetype.rules.conf?



"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Wednesday, February 18, 2015 6:21 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Do you have filename.rules and filetype.rules files or did you edit MailScanner.conf?

Here's my filename/type rules.  They're the default.  I presume they match yours.

/etc/MailScanner # cat filename.rules
From:           127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:       default         /etc/MailScanner/filename.rules.conf

/etc/MailScanner # cat filetype.rules
From:           127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:       default         /etc/MailScanner/filetype.rules.conf

/etc/MailScanner # cat filename.rules.allowall.conf 
allow   .*      -       -

A while back I was having an issue where an Office365 Word doc was getting flagged as an executable and blocked.  I tried using the "Allow Filenames" and "Allow Filetypes" in MailScanner.conf.  The notes in there said that I'd have to an entry for both name and type.  I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I".  (I was trying to allow .dat files with a four character name composed of hexadecimal characters.  Specifically 0000.dat but not limited to it.)   The notes said the exception would have to match both rules to pass.  It didn't.  It had the odd effect of letting any .exe file through regardless of the name.

Have you tried reverting the filename.rules and filetype.rules back to the stock setting and mucking around in filename.rules.conf or filetype.rules.conf instead?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!