new malware bypass MailScanner filename rules !
mark at msapiro.net
Wed Mar 30 14:24:59 UTC 2016
On 3/30/16 2:27 AM, ezwww wrote:
> It's a problem with mime header, body malformed that allowed to pass
> MailScanner ?
> Content-Disposition: inline; filename="xxxxx_document_003F11.zip"
> Content-Type: application/x-rar-compressed; x-unix-mode=0600;
> Content-Transfer-Encoding: base64
As mentioned in another reply, this is a RAR compressed file, not a true
ZIP. Do you have unrar installed and, e.g.
Unrar Command = /usr/bin/unrar
pointing to it in your MailScanner config?
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner