Kevin Miller kevin.miller at
Mon Oct 28 22:13:18 UTC 2019

> Or you could just use the single regexp
 > .*\.com[^.]*\.xml(\.gz)?$

> which will match anything followed by '.com' followed by 0 or more non dots followed by '.xml' and either ending there or followed by '.gz'.

Nice.  I did just, thanks.

>> For some reason it stumbles on this filename:
>> I wanted to try to debug why, so I went to and for the regex entered:
>>   .*\.com[^.]*\.xml\.gz$
>> And the filename for the test string
>> It reports a "Full match"

>As you see, your regexp matches that name, but

>> But MailScanner still stumbles on it and replaces the attachment with the text warning:
>> "This is a message from the MailScanner E-Mail Virus Protection  Service
>> ----------------------------------------------------------------------
>> The original e-mail attachment ""
>> is on the list of unacceptable attachments for this site and has been 
>> replaced by this warning message.

>Mailscanner says the name it's looking at is "" without the .xml.

>What are the headers of all the sub-parts of the message? You should be able to find the message in MailScanner's quarantine.

Normally when (my) MailScanner stores spam/nonspam, it puts a single file in /var/spool/MailSanner/quarantine/<DATE>/nonspam (or spam).  When the message is blocked for a bad filename it lands in /var/spool/MailSanner/quarantine/<DATE>/QUEUE.ID which contains the message, and any attachments separated out.  Here's an example of one such message:

"" isn't present in the original message.  I presumed that MailScanner was just repacking the filename similarly to what it does in the report when encountering an overly long filename.  

> The results from `file` are only relevant for file type rules, not file name rules.

I know - I just added that to cover my bases.  

> Again, the name MailScanner is rejecting is "". To understand why, we need to see all the MIME part headers from the message.

It's in the pastebin post.

Thanks much...

MailScanner mailing list
mailscanner at

More information about the MailScanner mailing list