Filename Restrictions Not working

Jerry Benton jerry.benton at mailborder.com
Mon Feb 23 19:18:05 GMT 2015 

I mentioned Mailborder earlier because after I wrote everything I kind of forgot about it, but here is an example using one domain and a default ruleset. Keep in mind this isn’t using MailScanner default file names. This is how rulesets should be used. 

The MailScanner.conf reads the custom configuration file ./conf.d/mailborder.conf which then defines this file: /etc/MailScanner/frules/filename.rules for Filename rules which contains this:

# Domain Policies
FromOrTo:	linuxref.com	/etc/MailScanner/frules/linuxref.com.fn.conf
FromOrTo:	default	/etc/MailScanner/frules/default.fn.rules.conf

The default.fn.rules.conf contains this, which I am truncating for brevity:

deny	\.bak$	 - 	 -
allow	\.bz2$	 - 	 -
deny	\{[a-hA-H0-9-]{25,}\}	 - 	 -
allow	\.Z$	 - 	 -
deny	\s{10,}	 - 	 -
deny	\.fdf$	 - 	 -
allow	\.(mon|tue|wed|thu|fri|sat|sun)\.[a-z0-9]{3}$	 - 	 -
allow	\.x\d+\.rel$	 - 	 -


So, it looks like your use of *@* is incorrect and should be “default”. 


-
Jerry Benton
www.mailborder.com



> On Feb 23, 2015, at 1:26 PM, James Nelson <James.Nelson at vgt.net> wrote:
> 
> Well, an interesting update...
> 
> I changed up my approach, and pointed the Deny Filenames = in MailScanner.conf to %rules-dir%/filename_deny.rules , which is as follows:
> 
> To:	*@*	\.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$ \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,} \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$
> 
> When running MailScanner --lint now, it DOES detect eicar.com as a blocked filetype.  However, it's still allowing blocked filetypes through ?                                                                                                                                                                                                                                                                                       
> 
> 
> 
> 
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
> 
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Sunday, February 22, 2015 4:11 PM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
> 
> Its not beta anymore. (The RPM package.)
> 
> -
> Jerry Benton
> www.mailborder.com
> 
> 
> 
>> On Feb 22, 2015, at 4:33 PM, James Nelson <James.Nelson at vgt.net> wrote:
>> 
>> I will try that tomorrow...i'm about out of other ideas.
>> 
>> I suppose I could also try the new MS beta, just to throw something else at the wall...
>> 
>> 
>> 
>> 
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>> 
>> 
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
>> Sent: Saturday, February 21, 2015 5:54 AM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>> 
>> I’m not pimping my product, but I would suggest you install a Mailborder server for a comparison test. Check to see if it is working correctly (the Mailborder server) and compare the configs on the Mailborder server to yours. This will at least eliminate the Mailscanner configuration variable from the equation. 
>> 
>> -
>> Jerry Benton
>> www.mailborder.com
>> 
>> 
>> 
>>> On Feb 21, 2015, at 2:29 AM, James Nelson <James.Nelson at vgt.net> wrote:
>>> 
>>> Sigh, built a brand new MailScanner box from scratch...once again, everything works except filename checking. The only thing I changed was to disallow zip files(just changed allow to deny in filenames.rules.conf) and it still lets it all through.
>>> 
>>> It just doesn't seem to want to work, with no errors to shed any light.
>>> -- 
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> 
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> 
>>> Support MailScanner development - buy the book off the website! 
>> 
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website! 
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website! 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list