Filename Restrictions Not working
Kevin Miller
kevin.miller at juneau.org
Thu Feb 19 21:31:06 GMT 2015
Eicar is a virus test signature. It should be caught by your virus scanner. It should also be denied by filetype checks. If it gets that far. I don't recall which happens first, virus checking or spam checking. I think filename/type checking would fall under the spam check umbrella...
Refresh our memory, what distro and version are you running? What version of file do you have?
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Thursday, February 19, 2015 12:12 PM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> One thing of note...maybe, maybe not...is that when I run MailScanner --
> lint , I notice this:
>
> Filename Checks: Windows/DOS Executable (1 eicar.com) Filetype Checks:
> Allowing 1 eicar.com (no match found)
>
> If my filename\type checks were working, shouldn't it be denying that
> type, given that I have excecutables configured (as default) to deny in
> my filetype.rules.conf?
>
>
>
> "a rockpile ceases to be a rockpile the moment a single man contemplates
> it, bearing within him the image of a cathedral."
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Wednesday, February 18, 2015 6:21 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Do you have filename.rules and filetype.rules files or did you edit
> MailScanner.conf?
>
> Here's my filename/type rules. They're the default. I presume they
> match yours.
>
> /etc/MailScanner # cat filename.rules
> From: 127.0.0.1
> /etc/MailScanner/filename.rules.allowall.conf
> FromOrTo: default /etc/MailScanner/filename.rules.conf
>
> /etc/MailScanner # cat filetype.rules
> From: 127.0.0.1
> /etc/MailScanner/filetype.rules.allowall.conf
> FromOrTo: default /etc/MailScanner/filetype.rules.conf
>
> /etc/MailScanner # cat filename.rules.allowall.conf
> allow .* - -
>
> A while back I was having an issue where an Office365 Word doc was
> getting flagged as an executable and blocked. I tried using the "Allow
> Filenames" and "Allow Filetypes" in MailScanner.conf. The notes in
> there said that I'd have to an entry for both name and type. I set
> "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I".
> (I was trying to allow .dat files with a four character name composed of
> hexadecimal characters. Specifically 0000.dat but not limited to it.)
> The notes said the exception would have to match both rules to pass. It
> didn't. It had the odd effect of letting any .exe file through
> regardless of the name.
>
> Have you tried reverting the filename.rules and filetype.rules back to
> the stock setting and mucking around in filename.rules.conf or
> filetype.rules.conf instead?
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list