Filename Restrictions Not working

Jason Ede J.Ede at birchenallhowden.co.uk
Tue Feb 24 13:35:57 GMT 2015


Have you checked your Virus Names Which Are Spam setting?

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of James Nelson
Sent: 24 February 2015 13:23
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Hi Glenn, I ran --lint as postfix and it does detect eicar.com<http://eicar.com> as a blocked filetype, it just doesn't do anything about it during mail scanning.  I had the thought that my rules files had permissions problems, but I made them readable for everyone just to be sure.

I have the group as Apache as part of the configuration for MailWatch.



On Feb 24, 2015, at 3:37 AM, Glenn Steen <glenn.steen at gmail.com<mailto:glenn.steen at gmail.com>> wrote:

I see you have run as user/group set to postfix/apache...  When you've done your lint and debug runs, did you do them as postfix user or root?
My guess is that the rule file for filenames might not be readable to the postfix user.

Cheers!
--
-- Glenn
Den 23 feb 2015 22:09 skrev "James Nelson" <James.Nelson at vgt.net<mailto:James.Nelson at vgt.net>>:

Sorry about that, I thought I set it to public. Try again :).

Jerry, I'm building a Mailborder server now to test.


"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Kevin Miller
Sent: Monday, February 23, 2015 2:20 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

It said this "This is a private paste. If you created this paste, please login to view it."  I couldn't see it.

If there's anything that needs to be munged (like your watermark), just edit that before posting and make it a public post.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500> Registered Linux User No: 307357


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-<mailto:mailscanner->
> bounces at lists.mailscanner.info<mailto:bounces at lists.mailscanner.info>] On Behalf Of James Nelson
> Sent: Monday, February 23, 2015 10:52 AM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Kevin,
>
> Here's my complete MailScanner.conf:
>
> http://pastebin.com/ci9dz8iL
>
> Jerry:
>
> I changed default to *@* this morning in the course of my, "did that
> work? No, okay, how about this," but the result was the same regardless.
>
> I'm not applying any configuration via conf.d at the moment...if I
> were to do that, would it supersede anything in MailScanner.conf?
>
>
>
> "a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral."
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-<mailto:mailscanner->
> bounces at lists.mailscanner.info<mailto:bounces at lists.mailscanner.info>] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 12:50 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Maybe you could post your MailScanner.conf to pastebin.  I'm guessing
> something in there is wonky.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500> Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>
> > [mailto:mailscanner-<mailto:mailscanner-> bounces at lists.mailscanner.info<mailto:bounces at lists.mailscanner.info>] On Behalf Of
> > James Nelson
> > Sent: Monday, February 23, 2015 9:26 AM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > Well, an interesting update...
> >
> > I changed up my approach, and pointed the Deny Filenames = in
> > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> > follows:
> >
> > To: *@*     \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
> > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
> > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
> > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
> > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
> > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
> >
> > When running MailScanner --lint now, it DOES detect eicar.com<http://eicar.com> as a
> > blocked filetype.  However, it's still allowing blocked filetypes
> > through ?
> >
> >
> >
> >
> > "a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral."
> >
> >
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>
> > [mailto:mailscanner-<mailto:mailscanner-> bounces at lists.mailscanner.info<mailto:bounces at lists.mailscanner.info>] On Behalf Of
> > Jerry Benton
> > Sent: Sunday, February 22, 2015 4:11 PM
> > To: MailScanner discussion
> > Subject: Re: Filename Restrictions Not working
> >
> > Its not beta anymore. (The RPM package.)
> >
> > -
> > Jerry Benton
> > www.mailborder.com<http://www.mailborder.com>
> >
> >
> >
> > > On Feb 22, 2015, at 4:33 PM, James Nelson <James.Nelson at vgt.net<mailto:James.Nelson at vgt.net>>
> > wrote:
> > >
> > > I will try that tomorrow...i'm about out of other ideas.
> > >
> > > I suppose I could also try the new MS beta, just to throw
> > > something
> > else at the wall...
> > >
> > >
> > >
> > >
> > > "a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral."
> > >
> > >
> > > -----Original Message-----
> > > From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>
> > > [mailto:mailscanner-<mailto:mailscanner->
> > bounces at lists.mailscanner.info<mailto:bounces at lists.mailscanner.info>] On Behalf Of Jerry Benton
> > > Sent: Saturday, February 21, 2015 5:54 AM
> > > To: MailScanner discussion
> > > Subject: Re: Filename Restrictions Not working
> > >
> > > I'm not pimping my product, but I would suggest you install a
> > Mailborder server for a comparison test. Check to see if it is
> > working correctly (the Mailborder server) and compare the configs on
> > the Mailborder server to yours. This will at least eliminate the
> > Mailscanner configuration variable from the equation.
> > >
> > > -
> > > Jerry Benton
> > > www.mailborder.com<http://www.mailborder.com>
> > >
> > >
> > >
> > >> On Feb 21, 2015, at 2:29 AM, James Nelson <James.Nelson at vgt.net<mailto:James.Nelson at vgt.net>>
> > wrote:
> > >>
> > >> Sigh, built a brand new MailScanner box from scratch...once
> > >> again,
> > everything works except filename checking. The only thing I changed
> > was to disallow zip files(just changed allow to deny in
> > filenames.rules.conf) and it still lets it all through.
> > >>
> > >> It just doesn't seem to want to work, with no errors to shed any
> > light.
> > >> --
> > >> MailScanner mailing list
> > >> mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > >
> > > --
> > > MailScanner mailing list
> > > mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > > --
> > > MailScanner mailing list
> > > mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150224/100cdac6/attachment.html 


More information about the MailScanner mailing list