Filename Restrictions Not working

James Nelson James.Nelson at vgt.net
Thu Feb 19 22:09:26 GMT 2015


Right, and clamd is detecting that successfully, but as noted in the earlier message, it is being inspected via the File check, detected as an executable, and then "allowed."  If it's not working at that level in a test scenario, I'm probably hopeless for it to work on anything else :)

MailScanner is version 4.84.6, Centos 6.6, file is version 5.04

"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Thursday, February 19, 2015 3:31 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Eicar is a virus test signature.  It should be caught by your virus scanner.  It should also be denied by filetype checks.  If it gets that far.  I don't recall which happens first, virus checking or spam checking.  I think filename/type checking would fall under the spam check umbrella...

Refresh our memory, what distro and version are you running?  What version of file do you have?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Thursday, February 19, 2015 12:12 PM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
> 
> One thing of note...maybe, maybe not...is that when I run MailScanner 
> --lint, I notice this:
> 
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Filetype Checks: Allowing 1 eicar.com (no match found)
> 
> If my filename\type checks were working, shouldn't it be denying that 
> type, given that I have executables configured (as default) to deny 
> in my filetype.rules.conf?
> 
> 
> 
> "a rockpile ceases to be a rockpile the moment a single man 
> contemplates it, bearing within him the image of a cathedral."
> 
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Wednesday, February 18, 2015 6:21 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
> 
> Do you have filename.rules and filetype.rules files or did you edit 
> MailScanner.conf?
> 
> Here's my filename/type rules.  They're the default.  I presume they 
> match yours.
> 
> /etc/MailScanner # cat filename.rules
> From:           127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
> FromOrTo:       default         /etc/MailScanner/filename.rules.conf
> 
> /etc/MailScanner # cat filetype.rules
> From:           127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
> FromOrTo:       default         /etc/MailScanner/filetype.rules.conf
> 
> /etc/MailScanner # cat filename.rules.allowall.conf
> allow   .*      -       -
> 
> A while back I was having an issue where an Office365 Word doc was 
> getting flagged as an executable and blocked.  I tried using the 
> "Allow Filenames" and "Allow Filetypes" in MailScanner.conf.  The 
> notes in there said that I'd have to add an entry for both name and type.  
> I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I".
> (I was trying to allow .dat files with a four character name composed 
> of hexadecimal characters.  Specifically 0000.dat but not limited to 
> it.) The notes said the exception would have to match both rules to 
> pass.  It didn't.  It had the odd effect of letting any .exe file 
> through regardless of the name.
> 
> Have you tried reverting the filename.rules and filetype.rules back to 
> the stock setting and mucking around in filename.rules.conf or 
> filetype.rules.conf instead?
> 
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!