<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.10.0">
</HEAD>
<BODY>
I'm pretty new to this MailScanner stuff, so this may be too simple. So please excuse me. What about the file permissions on your filename.rules.conf or filetype.rules.conf? <BR>
<BR>
One other thought is your max or minimum size for attachments setting in the Mailscanner.conf file?<BR>
<BR>
On Wed, 2006-07-26 at 16:58 -0400, DAve wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Julian Field wrote:</FONT>
<FONT COLOR="#000000">> Can anyone else reproduce this behaviour?</FONT>
<FONT COLOR="#000000">> I sure can't :-(</FONT>
<FONT COLOR="#000000">I would wager I've done something very stupid. Woods, trees, that whole </FONT>
<FONT COLOR="#000000">metaphor thing.</FONT>
<FONT COLOR="#000000">For what it's worth, some things are installed, but not showing up in </FONT>
<FONT COLOR="#000000">MailScanner -v. MailTools, IO-Stringy, Storable, File-Spec. I am double </FONT>
<FONT COLOR="#000000">checking to make sure they did in fact install.</FONT>
<FONT COLOR="#000000">bash-2.05b# MailScanner -v</FONT>
<FONT COLOR="#000000">Running on</FONT>
<FONT COLOR="#000000">FreeBSD avhost2.tls.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb </FONT>
<FONT COLOR="#000000">23 20:45:55 GMT 2004 </FONT>
<FONT COLOR="#000000"><A HREF="mailto:root@wv1u.btc.adaptec.com">root@wv1u.btc.adaptec.com</A>:/usr/obj/usr/src/sys/GENERIC i386</FONT>
<FONT COLOR="#000000">This is Perl version 5.006002 (5.6.2)</FONT>
<FONT COLOR="#000000">This is MailScanner version 4.54.6</FONT>
<FONT COLOR="#000000">Module versions are:</FONT>
<FONT COLOR="#000000">1.16 Archive::Zip</FONT>
<FONT COLOR="#000000">1.119 Convert::BinHex</FONT>
<FONT COLOR="#000000">1.03 Fcntl</FONT>
<FONT COLOR="#000000">2.6 File::Basename</FONT>
<FONT COLOR="#000000">2.03 File::Copy</FONT>
<FONT COLOR="#000000">2.00 FileHandle</FONT>
<FONT COLOR="#000000">1.0404 File::Path</FONT>
<FONT COLOR="#000000">0.16 File::Temp</FONT>
<FONT COLOR="#000000">0.68 Filesys::Df</FONT>
<FONT COLOR="#000000">1.35 HTML::Entities</FONT>
<FONT COLOR="#000000">3.54 HTML::Parser</FONT>
<FONT COLOR="#000000">2.37 HTML::TokeParser</FONT>
<FONT COLOR="#000000">1.20 IO</FONT>
<FONT COLOR="#000000">1.08 IO::File</FONT>
<FONT COLOR="#000000">1.121 IO::Pipe</FONT>
<FONT COLOR="#000000">1.74 Mail::Header</FONT>
<FONT COLOR="#000000">3.07 MIME::Base64</FONT>
<FONT COLOR="#000000">5.420 MIME::Decoder</FONT>
<FONT COLOR="#000000">5.420 MIME::Decoder::UU</FONT>
<FONT COLOR="#000000">5.420 MIME::Head</FONT>
<FONT COLOR="#000000">5.420 MIME::Parser</FONT>
<FONT COLOR="#000000">3.07 MIME::QuotedPrint</FONT>
<FONT COLOR="#000000">5.420 MIME::Tools</FONT>
<FONT COLOR="#000000">0.11 Net::CIDR</FONT>
<FONT COLOR="#000000">1.03 POSIX</FONT>
<FONT COLOR="#000000">1.72 Socket</FONT>
<FONT COLOR="#000000">0.01 Sys::Syslog</FONT>
<FONT COLOR="#000000">1.87 Time::HiRes</FONT>
<FONT COLOR="#000000">1.01 Time::localtime</FONT>
<FONT COLOR="#000000">Optional module versions are:</FONT>
<FONT COLOR="#000000">0.17 Convert::TNEF</FONT>
<FONT COLOR="#000000">1.806 DB_File</FONT>
<FONT COLOR="#000000">1.12 DBD::SQLite</FONT>
<FONT COLOR="#000000">1.50 DBI</FONT>
<FONT COLOR="#000000">1.15 Digest</FONT>
<FONT COLOR="#000000">1.01 Digest::HMAC</FONT>
<FONT COLOR="#000000">2.36 Digest::MD5</FONT>
<FONT COLOR="#000000">2.11 Digest::SHA1</FONT>
<FONT COLOR="#000000">missing Inline</FONT>
<FONT COLOR="#000000">missing Mail::ClamAV</FONT>
<FONT COLOR="#000000">3.001001 Mail::SpamAssassin</FONT>
<FONT COLOR="#000000">1.999001 Mail::SPF::Query</FONT>
<FONT COLOR="#000000">0.20 Net::CIDR::Lite</FONT>
<FONT COLOR="#000000">1.24 Net::IP</FONT>
<FONT COLOR="#000000">0.57 Net::DNS</FONT>
<FONT COLOR="#000000">missing Net::LDAP</FONT>
<FONT COLOR="#000000">missing Parse::RecDescent</FONT>
<FONT COLOR="#000000">missing SAVI</FONT>
<FONT COLOR="#000000">1.4 Sys::Hostname::Long</FONT>
<FONT COLOR="#000000">2.58 Test::Harness</FONT>
<FONT COLOR="#000000">0.62 Test::Simple</FONT>
<FONT COLOR="#000000">missing Text::Balanced</FONT>
<FONT COLOR="#000000">1.35 URI</FONT>
<FONT COLOR="#000000">bash-2.05b# MailScanner --lint</FONT>
<FONT COLOR="#000000">Read 719 hostnames from the phishing whitelist</FONT>
<FONT COLOR="#000000">Config: calling custom init function MailWatchLogging</FONT>
<FONT COLOR="#000000">Config: calling custom init function SQLHighSpamScores</FONT>
<FONT COLOR="#000000">Config: calling custom init function SQLWhitelist</FONT>
<FONT COLOR="#000000">Config: calling custom init function SQLBlacklist</FONT>
<FONT COLOR="#000000">Config: calling custom init function SQLSpamScores</FONT>
<FONT COLOR="#000000">Checking for SpamAssassin errors (if you use it)...</FONT>
<FONT COLOR="#000000">Using SpamAssassin results cache</FONT>
<FONT COLOR="#000000">Connected to SpamAssassin cache database</FONT>
<FONT COLOR="#000000">SpamAssassin reported no errors.</FONT>
<FONT COLOR="#000000">MailScanner.conf says "Virus Scanners = clamav"</FONT>
<FONT COLOR="#000000">Found these virus scanners installed: clamav, bitdefender</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> DAve wrote:</FONT>
<FONT COLOR="#000000">>> DAve wrote:</FONT>
<FONT COLOR="#000000">>>> DAve wrote:</FONT>
<FONT COLOR="#000000">>>>> Good morning,</FONT>
<FONT COLOR="#000000">>>>></FONT>
<FONT COLOR="#000000">>>>> I have just had a user bring to my attention that since I upgraded </FONT>
<FONT COLOR="#000000">>>>> to 4.54.x we are no longer stopping filenames with double suffixes </FONT>
<FONT COLOR="#000000">>>>> or banned suffixes.</FONT>
<FONT COLOR="#000000">>>>></FONT>
<FONT COLOR="#000000">>>>> I tried a test and sure enough two files went right through, </FONT>
<FONT COLOR="#000000">>>>> test.svx.doc and test.scr. I double checked my conf files and </FONT>
<FONT COLOR="#000000">>>>> everything looks good, mailscanner --lint shows no errors.</FONT>
<FONT COLOR="#000000">>>>></FONT>
<FONT COLOR="#000000">>>>> I haven't changed anything in the conf file except to add MailWatch. </FONT>
<FONT COLOR="#000000">>>>> I went through the change log and docs and didn't see anything that </FONT>
<FONT COLOR="#000000">>>>> I thought would affect me.</FONT>
<FONT COLOR="#000000">>>>></FONT>
<FONT COLOR="#000000">>>>> Has there been a change in how the filename.rules.conf files work?</FONT>
<FONT COLOR="#000000">>>>></FONT>
<FONT COLOR="#000000">>>>> Thanks,</FONT>
<FONT COLOR="#000000">>>>></FONT>
<FONT COLOR="#000000">>>>> DAve</FONT>
<FONT COLOR="#000000">>>>></FONT>
<FONT COLOR="#000000">>>></FONT>
<FONT COLOR="#000000">>>> Hmm, double checked the filename.rules.conf and filetype.rules.conf </FONT>
<FONT COLOR="#000000">>>> and they looked fine (yes, tabs not spaces).</FONT>
<FONT COLOR="#000000">>>></FONT>
<FONT COLOR="#000000">>>> Just on a whim I changed the MailScanner.conf to</FONT>
<FONT COLOR="#000000">>>> Filename Rules = %rules-dir%/user.filename.rules</FONT>
<FONT COLOR="#000000">>>> #Filename Rules = %etc-dir%/filename.rules.conf</FONT>
<FONT COLOR="#000000">>>></FONT>
<FONT COLOR="#000000">>>> Then created %rules-dir%/user.filename.rules as</FONT>
<FONT COLOR="#000000">>>> # Default, disallow for all others</FONT>
<FONT COLOR="#000000">>>> To: default </FONT>
<FONT COLOR="#000000">>>> /usr/local/etc/MailScanner/filename.deny.rules.conf</FONT>
<FONT COLOR="#000000">>>> From: default </FONT>
<FONT COLOR="#000000">>>> /usr/local/etc/MailScanner/filename.deny.rules.conf</FONT>
<FONT COLOR="#000000">>>></FONT>
<FONT COLOR="#000000">>>> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf </FONT>
<FONT COLOR="#000000">>>> from the install source.</FONT>
<FONT COLOR="#000000">>>></FONT>
<FONT COLOR="#000000">>>> Still test.svx.doc gets through as does test.scr. mailscanner --lint </FONT>
<FONT COLOR="#000000">>>> still shows no issues.</FONT>
<FONT COLOR="#000000">>>></FONT>
<FONT COLOR="#000000">>>> I tried to run in debug mode but I got no unusual output. So I </FONT>
<FONT COLOR="#000000">>>> stopped MailScanner and called with the debug switch with no change. </FONT>
<FONT COLOR="#000000">>>> Is there a way to run in debug and output to the terminal?</FONT>
<FONT COLOR="#000000">>>></FONT>
<FONT COLOR="#000000">>>> DAve</FONT>
<FONT COLOR="#000000">>>></FONT>
<FONT COLOR="#000000">>></FONT>
<FONT COLOR="#000000">>> Well, I've tried using full paths in the Filename Rules = ,</FONT>
<FONT COLOR="#000000">>> Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules</FONT>
<FONT COLOR="#000000">>></FONT>
<FONT COLOR="#000000">>> I've tried adding a file suffix to Deny Filenames =</FONT>
<FONT COLOR="#000000">>> Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$</FONT>
<FONT COLOR="#000000">>></FONT>
<FONT COLOR="#000000">>> Nothing works, test.scr just flies right through. I'm pretty much left </FONT>
<FONT COLOR="#000000">>> with reinstall on all my servers unless I can find a way to see what </FONT>
<FONT COLOR="#000000">>> is happening.</FONT>
<FONT COLOR="#000000">>></FONT>
<FONT COLOR="#000000">>> DAve</FONT>
<FONT COLOR="#000000">>></FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">-- </FONT>
<FONT COLOR="#000000">Three years now I've asked Google why they don't have a</FONT>
<FONT COLOR="#000000">logo change for Memorial Day. Why do they choose to do logos</FONT>
<FONT COLOR="#000000">for other non-international holidays, but nothing for</FONT>
<FONT COLOR="#000000">Veterans?</FONT>
<FONT COLOR="#000000">Maybe they forgot who made that choice possible.</FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>