new malware bypass MailScanner filename rules !

Mark Sapiro mark at
Wed Mar 30 14:24:59 UTC 2016

On 3/30/16 2:27 AM, ezwww wrote:
> It's a problem with mime header, body malformed that allowed to pass
> MailScanner ?

> --Apple-Mail=_31ABD19B-909E-3C06-CDC8-B14649A4772C
> Content-Disposition: inline; filename=""
> Content-Type: application/x-rar-compressed; x-unix-mode=0600;
> name=""
> Content-Transfer-Encoding: base64

As mentioned in another reply, this is a RAR compressed file, not a true
ZIP. Do you have unrar installed and, e.g.

Unrar Command = /usr/bin/unrar

pointing to it in your MailScanner config?

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list