Allow filenames

Mark Sapiro mark at msapiro.net
Wed Feb 15 23:14:44 UTC 2017


On 02/15/2017 12:44 PM, Danita Zanre wrote:
> I have a sender who makes PDFs from Excel spreadsheets, and creates the
> names as "GD021517-5.xls.pdf”.  These are being blocked as "MailScanner:
> Attempt to hide real filename extension”.  I’d like to allow these for a
> particular receiving domain only (we have multiple domain names that our
> system scans for.  I thought I had seen a setting that would allow this,
> but I can no longer find it.


At the end of /etc/MailScanner/filename.rules.conf you will see


> # Allow repeated file extension, e.g. blah.zip.zip
> allow   (\.[a-z0-9]{3})\1$      -       -
> 
> # Allow days of the week and months in doc names, e.g. blah.wed.doc
> allow   \.(mon|tue|wed|thu|fri|sat|sun)\.[a-z0-9]{3}$   -       -
> allow   \.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$        -       -
> 
> # Deny all other double file extensions. This catches any hidden filenames.
> deny    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible filename hiding                          Attempt to hide real filename extension

If all you want is to allow names that end with .xls.pdf, add the line

allow	\.xls\.pdf$	-	-

ahead of the # Deny comment, or if you want to allow all double
extensions, just remove the # Deny comment and the following deny line.

Also read the info at the beginning of the file, especially the part
about using tabs, not spaces as field delimiters.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


More information about the MailScanner mailing list