new malware bypass MailScanner filename rules !
Mark Sapiro
mark at msapiro.net
Wed Mar 30 14:24:59 UTC 2016
On 3/30/16 2:27 AM, ezwww wrote:
>
> It's a problem with mime header, body malformed that allowed to pass
> MailScanner ?
>
>
> --Apple-Mail=_31ABD19B-909E-3C06-CDC8-B14649A4772C
> Content-Disposition: inline; filename="xxxxx_document_003F11.zip"
> Content-Type: application/x-rar-compressed; x-unix-mode=0600;
> name="xxxxx_document_003F11.zip"
> Content-Transfer-Encoding: base64
As mentioned in another reply, this is a RAR compressed file, not a true
ZIP. Do you have unrar installed and, e.g.
Unrar Command = /usr/bin/unrar
pointing to it in your MailScanner config?
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list