SV: SV: Stopping .js in .zip

Trond M. Markussen markussen at
Wed Feb 22 12:29:49 UTC 2017

Thanks for the info. In that case, stopping these attacks should not be a
problem with the current MS version as I understand it.

Could it be a conflict between allowing ZIPs and denying JS files in
allow   \.zip$ 
deny    \.jse?$

By the way, we have Maximum Archive Depth = 5.

Is there perhaps a way to block js files in filetype.rules.conf?


Trond M.

-----Opprinnelig melding-----
Fra: MailScanner
[ at] På
vegne av Mark Sapiro
Sendt: 21. februar 2017 18:16
Til: mailscanner at
Emne: Re: SV: Stopping .js in .zip

On 02/21/2017 05:53 AM, Trond M. Markussen wrote:
> Thanks for the feedback. I noticed that there was no " Archives Are" 
> setting in MailScanner.conf, presumably  this was added in a later 
> version (we are running 4.74.16).

It was added in 4.76.1.

> - Is there another way to make sure .js witnin .zip files are stopped 
> (using the current version)?

I don't recall for sure, but I think in versions prior to 4.76, the same
filename rules were applied to files inside archives just as to unarchived

> - Would you recommend upgrading to the latest version (if so, is this 
> a complicated and/or risky process)?

Upgrading would be good, but the latest (v5) versions have significant
changes so the process isn't completely turnkey.

There are still v4 packages at

and a later deb at

although the other 4.86.1-1 versions don't seem to be there.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

MailScanner mailing list
mailscanner at

More information about the MailScanner mailing list