File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments?
sales at edenusa.com
Wed Feb 8 23:39:42 UTC 2017
Our MTA is Sendmail.
The contents of the /etc/init.d/mailscanner file are massive and difficult to cut and paste here. So I don't know how I am going to fix that issue. However, that is secondary to the attachment issue.
Unfortunately, in the meantime, I also had another incident where a sender sending an attachment resulted in this bounce-back email again (I added those "--START OF MESSAGE-- and --END..." banners):
--START OF MESSAGE--
Warning: This message has had one or more attachments removed
Warning: (the entire message).
Warning: Please read the "EdenUSAInc-Attachment-Warning.txt" attachment(s) for more information.
This is a message from the MailScanner E-Mail Virus Protection Service
The original e-mail attachment "the entire message"
was believed to be dangerous and/or infected by a virus and has been replaced by this warning message.
Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the infected attachment. Please ask the sender of the message to disinfect their original version and send you a clean copy.
At Wed Feb 8 07:28:11 2017 the scanner said:
Too many attachments in message
Eden USA, Inc.
For all your IT requirements visit: http://www.transtec.co.uk
--END OF MESSAGE--
Also, where is that very last line coming from? "For all your IT requirements visit: http://www.transteck.co.uk"
In fact, please also note that the "EdenUSAInc-Attacvhment-Warning.txt" attachment is not actually attached to the message.
I really need to get this fixed. Do you have any more ideas? I simply need to SHUT OFF all file attachment scanning, and tell MailScanner somehow to stop doing anything at all with attachments. I just want to allow everything through, in terms of attachments.
Thank you very much for your help.
From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Mark Sapiro
Sent: Tuesday, February 07, 2017 1:29 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: File(name|type) rules - was hijacked: "Allow Script Tags" affects attachments?
On 02/07/2017 01:16 PM, Paul Scott wrote:
> Basically, turning everything off. However, I did find another issue, and that is that the standard way we use to restart MailScanner has changed. I tried this:
> [root at mail MailScanner]#service mailscanner restart
> Which appeared to restart the MailScanner correctly, but processing no longer worked. I had to reboot the machine, which caused a major issue, and had to drive 100+ miles to the server room to manually start it up again.
> What is the recommended way of getting MailScanner properly restarted, after making configuration file changes?
It is what you did. Namely,
service mailscanner restart
Why it didn't work, I can't say. There have been changes from MailScanner V4 to V5 in that restarting, starting and stopping the MTA is decoupled from restarting, starting and stopping MailScanner.
In order to say more, I'd need to know what your MTA is and the contents of /etc/init.d/mailscanner.
Also, the contents of the system mail log from around the time you did the service mailscanner restart might have clues.
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
MailScanner mailing list
mailscanner at lists.mailscanner.info
More information about the MailScanner