Filename Restrictions Not working

James Nelson James.Nelson at vgt.net
Tue Feb 24 16:28:31 GMT 2015


Hi Glenn,

I ran that test and got the exact result you did, which is either good or very bad, because it's still not working :)



“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: Tuesday, February 24, 2015 9:55 AM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Right, so as the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/MailScanner/MailScanner.conf file.

You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
-bash-4.2$ MailScanner --value=filenamerules --from=someone at example.net --to=someoneelse at yourdomain.com
Looked up internal option name "filenamerules"
With sender = someone at example.net
  recipient = someoneelse at yourdomain.com
  Client IP =
  Virus =
Result is "/etc/MailScanner/filename.rules.conf"
-bash-4.2$


Check the syntax with "MailScanner --help".

Seems to me that the ruleset is borked, the actual filenames aren't read, or there still resides a postfix instance that doesn't have the correct HOLD thingy on your system... In decreasing order of probability ;-)

Cheers
--
-- Glenn

On 24 February 2015 at 14:22, James Nelson <James.Nelson at vgt.net> wrote:
> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a 
> blocked filetype, it just doesn't do anything about it during mail 
> scanning.  I had the thought that my rules files had permissions 
> problems, but I made them readable for everyone just to be sure.
>
> I have the group as Apache as part of the configuration for MailWatch.
>
>
>
> On Feb 24, 2015, at 3:37 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
>
> I see you have run as user/group set to postfix/apache...  When you've 
> done your lint and debug runs, did you do them as postfix user or root?
> My guess is that the rule file for filenames might not be readable to 
> the postfix user.
>
> Cheers!
> --
> -- Glenn
>
> On 23 Feb 2015 at 22:09, "James Nelson" <James.Nelson at vgt.net> wrote:
>>
>>
>> Sorry about that, I thought I set it to public. Try again :).
>>
>> Jerry, I'm building a Mailborder server now to test.
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man 
>> contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
>> Kevin Miller
>> Sent: Monday, February 23, 2015 2:20 PM
>> To: 'MailScanner discussion'
>> Subject: RE: Filename Restrictions Not working
>>
>> It said this "This is a private paste. If you created this paste, 
>> please login to view it."  I couldn't see it.
>>
>> If there's anything that needs to be munged (like your watermark), 
>> just edit that before posting and make it a public post.
>>
>> ...Kevin
>> --
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4500
>> Registered Linux User No: 307357
>>
>>
>> > -----Original Message-----
>> > From: mailscanner-bounces at lists.mailscanner.info 
>> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>> > James Nelson
>> > Sent: Monday, February 23, 2015 10:52 AM
>> > To: MailScanner discussion
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Kevin,
>> >
>> > Here's my complete MailScanner.conf:
>> >
>> > http://pastebin.com/ci9dz8iL
>> >
>> > Jerry:
>> >
>> > I changed default to *@* this morning in the course of my, "did 
>> > that work? No, okay, how about this," but the result was the same regardless.
>> >
>> > I'm not applying any configuration via conf.d at the moment...if I 
>> > were to do that, would it supersede anything in MailScanner.conf?
>> >
>> >
>> >
>> > “a rockpile ceases to be a rockpile the moment a single man 
>> > contemplates it, bearing within him the image of a cathedral.”
>> >
>> >
>> > -----Original Message-----
>> > From: mailscanner-bounces at lists.mailscanner.info 
>> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>> > Kevin Miller
>> > Sent: Monday, February 23, 2015 12:50 PM
>> > To: 'MailScanner discussion'
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Maybe you could post your MailScanner.conf to pastebin.  I'm 
>> > guessing something in there is wonky.
>> >
>> > ...Kevin
>> > --
>> > Kevin Miller
>> > Network/email Administrator, CBJ MIS Dept.
>> > 155 South Seward Street
>> > Juneau, Alaska 99801
>> > Phone: (907) 586-0242, Fax: (907) 586-4500
>> > Registered Linux User No: 307357
>> >
>> >
>> > > -----Original Message-----
>> > > From: mailscanner-bounces at lists.mailscanner.info
>> > > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>> > > James Nelson
>> > > Sent: Monday, February 23, 2015 9:26 AM
>> > > To: MailScanner discussion
>> > > Subject: RE: Filename Restrictions Not working
>> > >
>> > > Well, an interesting update...
>> > >
>> > > I changed up my approach, and pointed the Deny Filenames = in 
>> > > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>> > > follows:
>> > >
>> > > To: *@*     \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>> > > \.chm$
>> > > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ 
>> > > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ 
>> > > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ 
>> > > \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>> > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$
>> > >
>> > > When running MailScanner --lint now, it DOES detect eicar.com as 
>> > > a blocked filetype.  However, it's still allowing blocked
>> > > filetypes through?
>> > >
>> > >
>> > >
>> > >
>> > > “a rockpile ceases to be a rockpile the moment a single man 
>> > > contemplates it, bearing within him the image of a cathedral.”
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: mailscanner-bounces at lists.mailscanner.info
>> > > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>> > > Jerry Benton
>> > > Sent: Sunday, February 22, 2015 4:11 PM
>> > > To: MailScanner discussion
>> > > Subject: Re: Filename Restrictions Not working
>> > >
>> > > It's not beta anymore. (The RPM package.)
>> > >
>> > > -
>> > > Jerry Benton
>> > > www.mailborder.com
>> > >
>> > >
>> > >
>> > > > On Feb 22, 2015, at 4:33 PM, James Nelson <James.Nelson at vgt.net> wrote:
>> > > >
>> > > > I will try that tomorrow...I'm about out of other ideas.
>> > > >
>> > > > I suppose I could also try the new MS beta, just to throw something
>> > > > else at the wall...
>> > > >
>> > > >
>> > > >
>> > > >
>> > > > “a rockpile ceases to be a rockpile the moment a single man
>> > > > contemplates it, bearing within him the image of a cathedral.”
>> > > >
>> > > >
>> > > > -----Original Message-----
>> > > > From: mailscanner-bounces at lists.mailscanner.info
>> > > > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
>> > > > Sent: Saturday, February 21, 2015 5:54 AM
>> > > > To: MailScanner discussion
>> > > > Subject: Re: Filename Restrictions Not working
>> > > >
>> > > > I’m not pimping my product, but I would suggest you install a
>> > > > Mailborder server for a comparison test. Check to see if it is
>> > > > working correctly (the Mailborder server) and compare the configs
>> > > > on the Mailborder server to yours. This will at least eliminate
>> > > > the Mailscanner configuration variable from the equation.
>> > > >
>> > > > -
>> > > > Jerry Benton
>> > > > www.mailborder.com
>> > > >
>> > > >
>> > > >
>> > > >> On Feb 21, 2015, at 2:29 AM, James Nelson <James.Nelson at vgt.net> wrote:
>> > > >>
>> > > >> Sigh, built a brand new MailScanner box from scratch...once again,
>> > > >> everything works except filename checking. The only thing I changed
>> > > >> was to disallow zip files (just changed allow to deny in
>> > > >> filenames.rules.conf) and it still lets it all through.
>> > > >>
>> > > >> It just doesn't seem to want to work, with no errors to shed any
>> > > >> light.
>> > > >> --
>> > > >> MailScanner mailing list
>> > > >> mailscanner at lists.mailscanner.info
>> > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >>
>> > > >> Before posting, read http://wiki.mailscanner.info/posting
>> > > >>
>> > > >> Support MailScanner development - buy the book off the website!



--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
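
The readability question raised in this thread (can the run-as user actually reach the rule files?) depends on every directory above the file, not only on the file's own mode. The following is an added example, not code from the thread or from MailScanner: `first_blocker` and `demo` are hypothetical names, the directory layout is constructed in a temporary directory, and only classic mode bits are evaluated (ACLs and SELinux are not).

```python
import os
import stat
import tempfile
from pathlib import Path

def first_blocker(path, uid, gids, base="/"):
    """Return (component, reason) for the first element below `base` that
    uid/gids cannot pass, or None if the file is reachable and readable.
    Assumption: plain Unix mode bits only; ACLs and MAC policy are ignored."""
    if uid == 0:                      # root bypasses mode-bit checks
        return None
    base, path = Path(base), Path(path)
    parts = path.relative_to(base).parts
    current = base
    for i, part in enumerate(parts):
        current = current / part
        st = os.stat(current)
        is_last = i == len(parts) - 1
        # Directories need search (x); the rule file itself needs read (r).
        need = stat.S_IROTH if is_last else stat.S_IXOTH
        if st.st_uid == uid:
            need <<= 6                # owner bits apply
        elif st.st_gid in gids:
            need <<= 3                # group bits apply
        if not st.st_mode & need:
            reason = "not readable" if is_last else "not searchable"
            return str(current), reason
    return None

def demo():
    """Constructed case: a world-readable rule file inside a 0750 directory."""
    with tempfile.TemporaryDirectory() as tmp:
        rules_dir = Path(tmp, "rules")
        rules_dir.mkdir()
        rule_file = rules_dir / "filename.rules"
        rule_file.write_text("constructed sample\n")
        rule_file.chmod(0o644)        # "readable for everyone"
        rules_dir.chmod(0o750)        # but the directory is not
        stranger = os.stat(rules_dir).st_uid + 4242   # hypothetical other uid
        before = first_blocker(rule_file, stranger, set(), base=tmp)
        rules_dir.chmod(0o755)
        after = first_blocker(rule_file, stranger, set(), base=tmp)
        return before, after

if __name__ == "__main__":
    print(demo())
```

On a real host the uid and group set would come from `pwd.getpwnam()` and `os.getgrouplist()` for the account named in Run As User, with `base` left at `/`.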