Filename Restrictions Not working

Kevin Miller kevin.miller at juneau.org
Fri Feb 20 01:19:34 GMT 2015


Hmmm.  If it's not a production server I'd say wipe it and reinstall from scratch at this point.  

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Thursday, February 19, 2015 1:09 PM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
> 
> Right, and clamd is detecting that successfully, but as noted in the
> earlier message, it is being inspected via the File check, detected as
> an executable, and then "allowed."  If it's not working at that level in
> a test scenario, I'm probably hopeless for it to work on anything else
> :)
> 
> MailScanner is version 4.84.6, Centos 6.6, file is version 5.04
> 
> "a rockpile ceases to be a rockpile the moment a single man contemplates
> it, bearing within him the image of a cathedral."
> 
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Thursday, February 19, 2015 3:31 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
> 
> Eicar is a virus test signature.  It should be caught by your virus
> scanner.  It should also be denied by filetype checks.  If it gets that
> far.  I don't recall which happens first, virus checking or spam
> checking.  I think filename/type checking would fall under the spam
> check umbrella...
> 
> Refresh our memory, what distro and version are you running?  What
> version of file do you have?
> 
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500
> Registered Linux User No: 307357
> 
> 
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of James Nelson
> > Sent: Thursday, February 19, 2015 12:12 PM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > One thing of note...maybe, maybe not...is that when I run
> > MailScanner --lint, I notice this:
> >
> > Filename Checks: Windows/DOS Executable (1 eicar.com)
> > Filetype Checks: Allowing 1 eicar.com (no match found)
> >
> > If my filename\type checks were working, shouldn't it be denying that
> > type, given that I have executables configured (as default) to deny
> > in my filetype.rules.conf?
> >
> >
> >
> > "a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral."
> >
> >
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
> > Sent: Wednesday, February 18, 2015 6:21 PM
> > To: 'MailScanner discussion'
> > Subject: RE: Filename Restrictions Not working
> >
> > Do you have filename.rules and filetype.rules files or did you edit
> > MailScanner.conf?
> >
> > Here's my filename/type rules.  They're the default.  I presume they
> > match yours.
> >
> > /etc/MailScanner # cat filename.rules
> > From:           127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
> > FromOrTo:       default         /etc/MailScanner/filename.rules.conf
> >
> > /etc/MailScanner # cat filetype.rules
> > From:           127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
> > FromOrTo:       default         /etc/MailScanner/filetype.rules.conf
> >
> > /etc/MailScanner # cat filename.rules.allowall.conf
> > allow   .*      -       -
> >
> > A while back I was having an issue where an Office365 Word doc was
> > getting flagged as an executable and blocked.  I tried using the
> > "Allow Filenames" and "Allow Filetypes" in MailScanner.conf.  The
> > notes in there said that I'd have to add an entry for both name and type.
> > I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I".
> > (I was trying to allow .dat files with a four character name composed
> > of hexadecimal characters.  Specifically 0000.dat but not limited to
> > it.) The notes said the exception would have to match both rules to
> > pass.  It didn't.  It had the odd effect of letting any .exe file
> > through regardless of the name.
> >
> > Have you tried reverting the filename.rules and filetype.rules back to
> > the stock setting and mucking around in filename.rules.conf or
> > filetype.rules.conf instead?
> >
> > ...Kevin
> > --
> > Kevin Miller
> > Network/email Administrator, CBJ MIS Dept.
> > 155 South Seward Street
> > Juneau, Alaska 99801
> > Phone: (907) 586-0242, Fax: (907) 586-4500
> > Registered Linux User No: 307357
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!


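The two lines of `MailScanner --lint` output quoted in the thread come from two separate checks that look at different inputs. The sketch below is an added example, not code from the thread or from MailScanner: it models first-match rule evaluation, and the rule lines, the `file` descriptions, and the assumptions that unmatched items are allowed and that a deny from either check blocks the attachment are all constructed for illustration.

```python
import re

# Constructed rule lines in the four-column layout quoted in the thread
# (action, regex, log text, user text); these are not the stock files.
FILENAME_RULES = r"""
deny    \.com$      Windows/DOS Executable   Executable programs are not allowed
deny    \.exe$      Windows/DOS Executable   Executable programs are not allowed
allow   .*          -                        -
"""
FILETYPE_RULES = r"""
allow   text        -                 -
deny    executable  No executables    No programs allowed
deny    ELF         No executables    No programs allowed
"""

def parse_rules(text):
    """Return [(action, compiled regex, log text)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Columns are separated by tabs or runs of spaces (assumption).
        action, pattern, log_text = re.split(r"\t+| {2,}", line)[:3]
        rules.append((action, re.compile(pattern, re.IGNORECASE), log_text))
    return rules

def first_match(rules, subject):
    """First matching rule decides; nothing matching means allow."""
    for action, regex, log_text in rules:
        if regex.search(subject):
            return action, log_text
    return "allow", "no match found"

def verdict(filename, file_description):
    """Filename rules see the name; filetype rules see the `file` output."""
    name = first_match(parse_rules(FILENAME_RULES), filename)
    ftype = first_match(parse_rules(FILETYPE_RULES), file_description)
    blocked = "deny" in (name[0], ftype[0])  # assumption: either deny blocks
    return {"filename": name, "filetype": ftype, "blocked": blocked}

# Constructed samples: (attachment name, description `file` might report).
SAMPLES = [
    ("eicar.com", "EICAR virus test files"),
    ("report.txt", "ASCII text"),
    ("notes.dat", "PE32 executable (GUI) Intel 80386, for MS Windows"),
]

if __name__ == "__main__":
    for name, desc in SAMPLES:
        print(name, verdict(name, desc))
```

In this model the filename rule is what flags `eicar.com`, while the filetype rules report no match for it; the renamed `notes.dat` sample shows the opposite case, where only the filetype check denies.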