File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments?

Paul Scott sales at edenusa.com
Mon Feb 6 20:20:33 UTC 2017


Hello Mark, and thank you so much for your quick reply!

Here is the full body of the email returned back to the user whom is sending out the email, with a Word .DOC file attached to it:

---------- Forwarded message ----------
From: Matt Brudin <matt at erscinc.com>
Date: Mon, Jan 9, 2017 at 2:51 PM
Subject: Circle K -- City of Hemet (EA1611-001)
To: "jon.austin at mp-eng.com" <jon.austin at mp-eng.com>


Warning: This message has had one or more attachments removed
Warning: (the entire message).
Warning: Please read the "EdenUSAInc-Attachment-Warning.txt" attachment(s) for more information.

This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "the entire message"
was believed to be dangerous and/or infected by a virus and has been
replaced by this warning message.

Due to limitations placed on us by the Regulation of Investigatory Powers
Act 2000, we were unable to keep a copy of the infected attachment. Please
ask the sender of the message to disinfect their original version and send
you a clean copy.

At Mon Jan  9 14:51:21 2017 the scanner said:
   Too many attachments in message
--
Postmaster
Eden USA, Inc.
www.edenitservices.com

For all your IT requirements visit: http://www.transtec.co.uk


As you'll see in the return message above, it is confusing, because there are two different issues being reported.  

One of the issues is as follows:

The original e-mail attachment "the entire message"
was believed to be dangerous and/or infected by a virus and has been
replaced by this warning message.


The OTHER issue is as follows:

At Mon Jan  9 14:51:21 2017 the scanner said:
   Too many attachments in message


So, which is the true issue, and how to get this fixed, is the question.  Thank you very much!


Sincerely,

Paul Scott
Sales Engineer, Eden USA
Las Vegas, New York, Los Angeles

Phone: 866.501.3336
Fax: 866.502.3336
FACEBOOK: http://www.facebook.com/edenusainc



-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Sunday, February 05, 2017 4:35 PM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments?

On 02/05/2017 04:06 PM, Paul Scott wrote:
> In the MAILSCANNER.CONF file, I find this statement:
> 
> # In the "Filename Rules" and "Filetype Rules" rule files, you can # 
> say that you want particular attachment names or types to be "disarmed"
> # by being renamed. See the sample files for examples of this.
> 
> First, I do not know where these "sample files" are.  I have searched for them, but cannot find them.


The "sample" files are in /etc/MailScanner/. Their names are archives.filename.rules.conf, archives.filetype.rules.conf, filename.rules.conf and filetype.rules.conf. They are both samples and the actual working files configured by default.


> I am having issues with allowing my users the ability to attach .PDF 
> and .DOC and other
types of files, and either send or receive them.
> 
> This issue only started after the upgrade to the 5.0 version.


The default rules do not disallow .pdf or .doc files so there is something else going on.


> Does someone have a clear explanation on how to go ahead and allow users to send/receive emails with .PDFs and .DOC (Word) files (just to start with)?


Please tell us what happens when an email is sent with an attached .pdf or .doc file. What does MailScanner log in the system mail log and what does the received message contain.

One possibility is the attachments are being denied if they seem to have double extensions, e.g. "Joes.file.pdf. I.e., with some exceptions if the actual extension is preceded by a period and 3 or 4 alphanumerics, it is a bad name. This is intended to stop things like

"innocent_name.txt                        .exe"

but stops a lot more than that.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner



More information about the MailScanner mailing list