Bypass filtetype or filename blocking and quarantine
George Papamichelakis
gpapamichelakis at gmail.com
Sat Dec 1 11:15:02 UTC 2018
On 11/30/18 10:45 PM, Mark Sapiro wrote:
> On 11/30/18 11:11 AM, George Papamichelakis wrote:
>
>
> However, I was mistaken when I said you couldn't use the %...% notation
> in a ruleset file. I have tested that and the %...% substitutions do
> work in rules files.
>
I have repeated the checks, add my email to filename.rules (attached)
and send one message from
gmail account to subject server, this is an attachement zip file which
was previous blocked by other user,
the message stomped as I can see :
Report: MailScanner: Attempt to hide real filename extension (55.TIP.pdf)
MailScanner: Attempt to hide real filename extension (55.TIP.pdf)
Attached also is the allowall rules file . In my conf.d setup file I have :
Filename Rules = %rules-dir%/filename.rules
Filetype Rules = %rules-dir%/filetype.rules
I also tried replacing %etc-dir% and %rules-dir% with the actual path
and got the same result.
I'm using 5.0.2 mailscanner by the way if this rings any bell , I can't
upgrade yet to current version due
to other reasons.
George
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181201/96619aaf/attachment.html>
-------------- next part --------------
# This Ruleset will allow all attached files to pass
allow .* - -
-------------- next part --------------
# File to control which domains get filename checking
# mail form or to noscan.com will not have filenames checked
From: gpapamichelakis at gmail.com %etc-dir%/filename.rules.allowall.conf
#Default
FromOrTo: default %etc-dir%/filename.rules.conf
More information about the MailScanner
mailing list