A feature that i would like to be able to disable ;)<br><br>"Why would you want to spend precious resources on a meaningless check,
when you already decided to stop the offending attachment?!"<br>To inform my paying user why the contract he's been waiting for was blocked.<br><br>I think I already made quite clear why it's not an option for me to completely block them. I can't see why other users can't be bothered by it, maybe they just accept that they can't solve it? (Not my way of handling problems)<br>
<br><div class="gmail_quote">On 1 September 2011 23:07, Glenn Steen <span dir="ltr"><<a href="mailto:glenn.steen@gmail.com" target="_blank">glenn.steen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>That's not a problem, it's a feature... And a much needed one at that!<br>
Why would you want to spend precious resources on a meaningless check, when you already decided to stop the offending attachment?!<br>
Don't deliver it at all, if it bothers you;-) </p>
<p>Cheers<br>
-- <br>
-- Glenn</p>
<div class="gmail_quote">Den 1 sep 2011 19:12 skrev "Joolee" <<a href="mailto:mailscanner@joolee.nl" target="_blank">mailscanner@joolee.nl</a>>:<div><div></div><div><br type="attribution">> The problem with the current spam is that they're blocked for containing exe<br>
> files, not double file extensions (Although they woul've hit that one if<br>> exe's were not clocked.)<br>> <br>> Only quick temporary solution is to disable all file-name validation because<br>> this can occur with more than just exe files and double extensions. This is<br>
> no final solution though.<br>> <br>> On 1 September 2011 18:40, Kevin Miller <<a href="mailto:Kevin_Miller@ci.juneau.ak.us" target="_blank">Kevin_Miller@ci.juneau.ak.us</a>>wrote:<br>> <br>>> **<br>
>> Easiest thing to do in that case is to comment out the line in<br>
>> filename.rules.conf that disallows double extensions. The message will be<br>>> accepted as normal and go through the additional tests (is it an executable,<br>>> is it a virus, is it spam, etc.)<br>
>><br>>><br>>> ...Kevin<br>>> --<br>>> Kevin Miller Registered Linux User No: 307357<br>>> CBJ MIS Dept. Network Systems Admin., Mail Admin.<br>>> 155 South Seward Street ph: (907) 586-0242<br>
>> Juneau, Alaska 99801 fax: (907 586-4500<br>>><br>>><br>>> ------------------------------<br>>> *From:* <a href="mailto:mailscanner-bounces@lists.mailscanner.info" target="_blank">mailscanner-bounces@lists.mailscanner.info</a> [mailto:<br>
>> <a href="mailto:mailscanner-bounces@lists.mailscanner.info" target="_blank">mailscanner-bounces@lists.mailscanner.info</a>] *On Behalf Of *Joolee<br>>> *Sent:* Thursday, September 01, 2011 7:32 AM<br>>> *To:* MailScanner discussion<br>
>> *Subject:* Re: MS Doesn't completely block spam with faulty attachments<br>>><br>>> I agree that it isn't a good idea to notify the sender of a spam or virus<br>>> message I'm not planning to do that, I know the troubles of backscatter.<br>
>><br>>> What I've configured is that if a user sends a completely normal<br>>> (non-virus, non-spam) E-mail but with, for instance, a file named<br>>> "CurriculumVitae.doc.pdf" (default output for a lot of PDF printers). The<br>
>> server sends out a warning to sender and the original message stripped of<br>>> it's attachment to the recipient of the message. Notifying the sender is not<br>>> strictly necessary but if this is only done for such non-virus, non-spam<br>
>> message, it isn't a problem either.<br>>><br>>> The situation that bugs me is when some spam message with a file named<br>>> "CurriculumVitae.doc.pdf" is received. The message hits the filename rule<br>
>> and* isn't processed any further to check if its a spam message*. Because<br>>> it isn't processed any further, the warning messages are send out to both<br>>> sender and original recipient.<br>
>><br>>> As I stated before, I can disable the sender notification. What I can't do<br>>> is tell my customers (the recipients) that such wrongly named files, most<br>>> containing important documents, are silently discarded. Sending spam to my<br>
>> customers that could have been recognized isn't an option either.<br>>><br>>> The simplest solution, I think, would be to *continue processing* the<br>>> message after a file name rule is hit, decide if the E-mail is HAM and in<br>
>> that case, send out the notifications. If the E-mail is spam, silently<br>>> discard it.<br>>> It would add a bit of load to the server but stopping spam is what it's all<br>>> about, isn't it? :P<br>
>><br>>> On 1 September 2011 16:34, Julian Field <<a href="mailto:MailScanner@ecs.soton.ac.uk" target="_blank">MailScanner@ecs.soton.ac.uk</a>>wrote:<br>>><br>>>> He's probably switched on some "Notify Senders" options. Bad idea :-(<br>
>>><br>>>><br>>>> On 01/09/2011 12:32, Martin Hepworth wrote:<br>>>><br>>>>> what version of MS?<br>>>>><br>>>>> I never inform the sender of junk as you end up with fake messages sent<br>
>>>> out.<br>>>>><br>>>>> --<br>>>>> Martin Hepworth<br>>>>> Oxford, UK<br>>>>><br>>>>><br>>>>> On 1 September 2011 08:17, Joolee <<a href="mailto:mailscanner@joolee.nl" target="_blank">mailscanner@joolee.nl</a> <mailto:<br>
>>>> <a href="mailto:mailscanner@joolee.nl" target="_blank">mailscanner@joolee.nl</a>>**> wrote:<br>>>>><br>>>>> Hallo Everybody,<br>>>>><br>>>>> I've experienced a small flood of virus E-mails. These E-mails<br>
>>>> (subj.: "ACH Payment *random number* Canceled") contain<br>>>>> attachments named like: "report_082011-65.pdf.exe"<br>>>>> They obviously get blocked by the "no executables" and "No double<br>
>>>> file extensions" rules. The problem is that after blocking them,<br>>>>> an automated E-mail is send to the original recipient and the<br>>>>> (faked) sender of the message, informing them of the blocked<br>
>>>> attachment.<br>>>>><br>>>>> Had the E-mails been processed further, they would've probably hit<br>>>>> the virusscanner (not tested) or spamassassin (gives a score of 27<br>
>>>> when tested) and the E-mail would've silently been discarded as a<br>>>>> virus / spam / phishing.<br>>>>><br>>>>> Is it possible to let the MailScanner continue it's processing<br>
>>>> when hitting the file name rules and / or running the filename<br>>>>> rule at a later time?<br>>>>> --<br>>>>> MailScanner mailing list<br></div></div>>>>> mailscanner@lists.mailscanner.**info<<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a>><br>
>>>> <mailto:<a href="mailto:mailscanner@lists." target="_blank">mailscanner@lists.</a>**<a href="http://mailscanner.info" target="_blank">mailscanner.info</a><<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a>>><br>
>>>><br>>>>><br>>>>> <a href="http://lists.mailscanner.info/**mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/**mailman/listinfo/mailscanner</a><<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a>><br>
>>>><br>>>>> Before posting, read <a href="http://wiki.mailscanner.info/**posting" target="_blank">http://wiki.mailscanner.info/**posting</a><<a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a>><div>
<br>
>>>><br>>>>> Support MailScanner development - buy the book off the website!<br>>>>><br>>>>><br>>>>><br>>>>><br>>>>><br>>>>> Jules<br>
>>>><br>>>>> --<br>>>>> Julian Field MEng CITP CEng<br>>>>> <a href="http://www.MailScanner.info" target="_blank">www.MailScanner.info</a><br>>>>><br>>>>> Buy the MailScanner book at <a href="http://www.MailScanner.info/store" target="_blank">www.MailScanner.info/store</a><br>
>>>> Need help customising MailScanner? Contact me!<br>>>>><br>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<br>>>>> Follow me at <a href="http://twitter.com/JulesFM" target="_blank">twitter.com/JulesFM</a><br>
>>>><br>>>>> 'It's okay to live without all the answers' - Charlie Eppes, 2011<br>>>>> 'All programs have a desire to be useful' - Tron, 1982<br>>>>><br>
>>><br>>>> --<br>>>> This message has been scanned for viruses and<br>>>> dangerous content by MailScanner, and is<br>>>> believed to be clean.<br>>>><br>>>> --<br>
>>> MailScanner mailing list<br></div>>>> mailscanner@lists.mailscanner.**info <<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a>><br>>>> <a href="http://lists.mailscanner.info/**mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/**mailman/listinfo/mailscanner</a><<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a>><br>
>>><br>>>> Before posting, read <a href="http://wiki.mailscanner.info/**posting" target="_blank">http://wiki.mailscanner.info/**posting</a><<a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a>><div>
<br>
>>><br>>>> Support MailScanner development - buy the book off the website!<br>>>><br>>><br>>><br>>> --<br>>> MailScanner mailing list<br>>> <a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
>> <a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>>><br>>> Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
>><br>>> Support MailScanner development - buy the book off the website!<br>>><br>>><br></div></div>
<br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br>