Filename wrongly triggers CLSID-Rule in Filename.rules.conf

Heino Backhaus heino.backhaus at
Fri Mar 27 15:10:36 GMT 2015

Hello All,

I've enjoyed using mailscanner for many years now. Thanks to all.
I would realy appreciate your help with a problem i was running across.

An attached bitmap (a companys logo) triggeres wrongly the CLSID 
Filename rule.

The MailWatch report says:
Report:    MailScanner: Files containing CLSID's are trying to hide 
their real type (CLIP-%7B8EC58011.bmp)

The corresponding rule from filename.rules.conf is stated below:

# Deny filenames containing CLSID's
deny    \{[a-hA-H0-9-]{25,}\}   Filename trying to hide its real type 
                       Files containing  CLSID's are trying to hide 
their real type

The first question is. Does Mailscanner rename a file with a CLSID in 
the filename to something like this: CLIP-%7B8EC58011.bmp ?

A strange thing is that this file downloaded from Mailwatch and attached 
to a new (html) mail will pass the Mailscanner.
So i think it's renamed...
But when you try to release the mail from quarantine it triggers
the CLSID-Rule again ... I'm a little confused about this and need help.

My Softwareversions are:

MailWatch Version = 1.2.0 - Beta 5

MailScanner Version = 4.84.6

PHP Version = 5.5.9-1ubuntu4.7

MySQL Version = 5.5.41-0ubuntu0.14.04.1

Thanks in advance.


"In retrospect it becomes clear that hindsight is definitely overrated!"

   -Alfred E. Neumann

More information about the MailScanner mailing list