<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 9.00.8112.16430"></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=022193516-01092011><FONT color=#0000ff
size=2 face=Arial>Easiest thing to do in that case is to comment out the line in
filename.rules.conf that disallows double extensions. The message will be
accepted as normal and go through the additional tests (is it an executable, is
it a virus, is it spam, etc.)</FONT></SPAN></DIV>
<DIV><FONT color=#0000ff size=2 face=Arial></FONT> </DIV><!-- Converted from text/plain format -->
<P align=left><FONT size=2>...Kevin<BR>--<BR>Kevin
Miller
Registered Linux User No: 307357<BR>CBJ MIS
Dept.
Network Systems Admin., Mail Admin.<BR>155 South Seward
Street ph: (907) 586-0242<BR>Juneau, Alaska
99801 fax: (907 586-4500</FONT> </P>
<DIV> </DIV><BR>
<DIV dir=ltr lang=en-us class=OutlookMessageHeader align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>From:</B> mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] <B>On Behalf Of
</B>Joolee<BR><B>Sent:</B> Thursday, September 01, 2011 7:32 AM<BR><B>To:</B>
MailScanner discussion<BR><B>Subject:</B> Re: MS Doesn't completely block spam
with faulty attachments<BR></FONT><BR></DIV>
<DIV></DIV>I agree that it isn't a good idea to notify the sender of a spam or
virus message I'm not planning to do that, I know the troubles of
backscatter.<BR><BR>What I've configured is that if a user sends a completely
normal (non-virus, non-spam) E-mail but with, for instance, a file named
"CurriculumVitae.doc.pdf" (default output for a lot of PDF printers). The server
sends out a warning to sender and the original message stripped of it's
attachment to the recipient of the message. Notifying the sender is not strictly
necessary but if this is only done for such non-virus, non-spam message, it
isn't a problem either.<BR><BR>The situation that bugs me is when some spam
message with a file named "CurriculumVitae.doc.pdf" is received. The message
hits the filename rule and<B> isn't processed any further to check if its a spam
message</B>. Because it isn't processed any further, the warning messages are
send out to both sender and original recipient.<BR><BR>As I stated before, I can
disable the sender notification. What I can't do is tell my customers (the
recipients) that such wrongly named files, most containing important documents,
are silently discarded. Sending spam to my customers that could have been
recognized isn't an option either.<BR><BR>The simplest solution, I think, would
be to <B>continue processing</B> the message after a file name rule is hit,
decide if the E-mail is HAM and in that case, send out the notifications. If the
E-mail is spam, silently discard it.<BR>It would add a bit of load to the server
but stopping spam is what it's all about, isn't it? :P<BR><BR>
<DIV class=gmail_quote>On 1 September 2011 16:34, Julian Field <SPAN
dir=ltr><<A
href="mailto:MailScanner@ecs.soton.ac.uk">MailScanner@ecs.soton.ac.uk</A>></SPAN>
wrote:<BR>
<BLOCKQUOTE
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>He's probably switched on some "Notify Senders" options. Bad
idea :-(
<DIV class=im><BR><BR>On 01/09/2011 12:32, Martin Hepworth wrote:<BR></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>
<DIV class=im>what version of MS?<BR><BR>I never inform the sender of junk
as you end up with fake messages sent out.<BR><BR>-- <BR>Martin
Hepworth<BR>Oxford, UK<BR><BR><BR></DIV>
<DIV class=im>On 1 September 2011 08:17, Joolee <<A
href="mailto:mailscanner@joolee.nl" target=_blank>mailscanner@joolee.nl</A>
<mailto:<A href="mailto:mailscanner@joolee.nl"
target=_blank>mailscanner@joolee.nl</A>><U></U>> wrote:<BR><BR>
Hallo Everybody,<BR><BR> I've experienced a small flood of
virus E-mails. These E-mails<BR> (subj.: "ACH Payment *random
number* Canceled") contain<BR> attachments named like:
"report_082011-65.pdf.exe"<BR> They obviously get blocked by the
"no executables" and "No double<BR> file extensions" rules. The
problem is that after blocking them,<BR> an automated E-mail is
send to the original recipient and the (faked) sender of the
message, informing them of the blocked<BR>
attachment.<BR><BR> Had the E-mails been processed
further, they would've probably hit<BR> the virusscanner (not
tested) or spamassassin (gives a score of 27<BR> when tested)
and the E-mail would've silently been discarded as a<BR> virus /
spam / phishing.<BR><BR> Is it possible to let the MailScanner
continue it's processing<BR> when hitting the file name rules
and / or running the filename<BR> rule at a later
time?<BR> --<BR> MailScanner mailing list<BR>
<A href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.<U></U>info</A><BR></DIV>
<mailto:<A href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.<U></U>mailscanner.info</A>>
<DIV class=im><BR> <A
href="http://lists.mailscanner.info/mailman/listinfo/mailscanner"
target=_blank>http://lists.mailscanner.info/<U></U>mailman/listinfo/mailscanner</A><BR><BR>
Before posting, read <A href="http://wiki.mailscanner.info/posting"
target=_blank>http://wiki.mailscanner.info/<U></U>posting</A><BR><BR>
Support MailScanner development - buy the book off the
website!<BR><BR><BR><BR><BR><BR></DIV>Jules<BR><BR>-- <BR>Julian Field MEng
CITP CEng<BR><A href="http://www.MailScanner.info"
target=_blank>www.MailScanner.info</A><BR><BR>Buy the MailScanner book at <A
href="http://www.MailScanner.info/store"
target=_blank>www.MailScanner.info/store</A><BR>Need help customising
MailScanner? Contact me!<BR><BR>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222
11F6 5947 1415 B654<BR>Follow me at <A href="http://twitter.com/JulesFM"
target=_blank>twitter.com/JulesFM</A><BR><BR>'It's okay to live without all
the answers' - Charlie Eppes, 2011<BR>'All programs have a desire to be
useful' - Tron, 1982<BR></BLOCKQUOTE><BR>-- <BR>This message has been scanned
for viruses and<BR>dangerous content by MailScanner, and is<BR>believed to be
clean.<BR><FONT color=#888888><BR>-- <BR></FONT>
<DIV>
<DIV></DIV>
<DIV class=h5>MailScanner mailing list<BR><A
href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.<U></U>info</A><BR><A
href="http://lists.mailscanner.info/mailman/listinfo/mailscanner"
target=_blank>http://lists.mailscanner.info/<U></U>mailman/listinfo/mailscanner</A><BR><BR>Before
posting, read <A href="http://wiki.mailscanner.info/posting"
target=_blank>http://wiki.mailscanner.info/<U></U>posting</A><BR><BR>Support
MailScanner development - buy the book off the website!
</DIV></DIV></BLOCKQUOTE></DIV><BR></BODY></HTML>