Filename Restrictions Not working

Denis Beauchemin Denis.Beauchemin at
Fri Feb 20 13:53:13 GMT 2015

My MailScanner --lint returns:
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
Filename Checks: Fichiers COM dangereux (1
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
Virus Scanning: Clamd found 2 infections
Infected message 1 came from
Virus Scanning: Found 2 viruses
Virus Scanner test reports:
Clamd said " was infected: Eicar-Test-Signature"

I'm running version 4.84.5 on RHEL 6.6 with a lot of Perl stuff not up to date because I put exclude=perl* in /etc/yum.conf just to make sure an update does not cause trouble.


-----Message d'origine-----
De : mailscanner-bounces at [mailto:mailscanner-bounces at] De la part de James Nelson
Envoyé : 19 février 2015 16:19
À : MailScanner discussion
Objet : RE: Filename Restrictions Not working

One thing of note...maybe, maybe that when I run MailScanner --lint , I notice this:

Filename Checks: Windows/DOS Executable (1 Filetype Checks: Allowing 1 (no match found)

If my filename\type checks were working, shouldn't it be denying that type, given that I have excecutables configured (as default) to deny in my filetype.rules.conf?

"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."

-----Original Message-----
From: mailscanner-bounces at [mailto:mailscanner-bounces at] On Behalf Of Kevin Miller
Sent: Wednesday, February 18, 2015 6:21 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Do you have filename.rules and filetype.rules files or did you edit MailScanner.conf?

Here's my filename/type rules.  They're the default.  I presume they match yours.

/etc/MailScanner # cat filename.rules
From:        /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:       default         /etc/MailScanner/filename.rules.conf

/etc/MailScanner # cat filetype.rules
From:        /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:       default         /etc/MailScanner/filetype.rules.conf

/etc/MailScanner # cat filename.rules.allowall.conf 
allow   .*      -       -

A while back I was having an issue where an Office365 Word doc was getting flagged as an executable and blocked.  I tried using the "Allow Filenames" and "Allow Filetypes" in MailScanner.conf.  The notes in there said that I'd have to an entry for both name and type.  I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I".  (I was trying to allow .dat files with a four character name composed of hexadecimal characters.  Specifically 0000.dat but not limited to it.)   The notes said the exception would have to match both rules to pass.  It didn't.  It had the odd effect of letting any .exe file through regardless of the name.

Have you tried reverting the filename.rules and filetype.rules back to the stock setting and mucking around in filename.rules.conf or filetype.rules.conf instead?

Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 
MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list