wrong detection of file?
L.P.H. van Belle
belle at bazuin.nl
Tue May 28 15:02:00 UTC 2019
Yes, i have 2 of them.
filename.rules.conf:deny \.com$ Windows/DOS Executable
archives.filename.rules.conf:deny \.com$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email
Greetz,
Louis
Van: Shawn Iverson [mailto:iversons at rushville.k12.in.us]
Verzonden: dinsdag 28 mei 2019 16:59
Aan: MailScanner Discussion
CC: L.P.H. van Belle
Onderwerp: Re: wrong detection of file?
Yeah, it is matching by filename, not filetype, and it may be parsing the name wrong.
Can you verify this rule is present?
deny \.com$
Which should not match because it is not the end of the filename but I bet it is.
On Tue, May 28, 2019 at 10:43 AM L.P.H. van Belle via MailScanner <mailscanner at lists.mailscanner.info> wrote:
Hai Shawn,
Have you ever seen something like this.
I just e-mailed a file, with a name as shown below.
SSL Server Test hostname.example.com (Powered by Qualys SSL Labs).pdf
The resport shows :
Message: Executable DOS/Windows programs are dangerous in email (SSL Server Tes.com)
And its shown in mailwatch as : application/pdf; charset=binary
Now the thing i dont get here is, how is the name "SSL Server Tes.com" constructed from
The name : SSL Server Test hostname.example.com (Powered by Qualys SSL Labs).pdf
I only change the hostname and domain here, i kept the format exact the same.
Greetz,
Louis
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
Shawn Iverson, CETL Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20190528/37f43c3a/attachment.html>
More information about the MailScanner
mailing list