filename.rules.conf<br>filetype.rules.conf<br><b>archives.filename.rules.conf</b><br>archives.filetype.rules.conf<br><br>Which one were you editing?<br><br><div class="gmail_quote">On 16 July 2012 21:13, J Gao <span dir="ltr"><<a href="mailto:jgao@veecall.com" target="_blank">jgao@veecall.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 12-07-16 09:32 AM, J Gao wrote:<br>
> Hello,<br>
><br>
> We have a client send us email with zipped attachment. It contain files<br>
> like:<br>
> file1.shp.xml<br>
> file2.kmz.kml<br>
><br>
> I added two lines on the bottom of the filename.rules.conf:<br>
> allow \.shp\.xml$ - -<br>
> allow \.kmz\.kml$ - -<br>
><br>
> But the MailScanner still detect them as "Bad Filename" and drop them<br>
> into quarantine:<br>
><br>
> MessageID: 5482680A2.A554E<br>
> Quarantine: /var/spool/MailScanner/quarantine/20120713/5482680A2.A554E<br>
> Report: MailScanner: Attempt to hide real filename extension (aral.shp.xml)<br>
><br>
><br>
><br>
> How can I let MailScanner know these are safe file name and let them<br>
> pass through?<br>
><br>
> Thanks<br>
><br>
> Gao<br>
><br>
<br>
</div><div class="im">Well, I tried all you guys suggestion and I still get trouble when I<br>
test the rule. I restarted MailScanner every time after modify the file.<br>
<br>
Here I put a tiny test file online. This zip file contain a single<br>
</div>.shp.xml file. (This is generated by some program in Windows). Anyway<br>
<div class="im HOEnZb">you can see that just a flat XML file but just with a double extension<br>
file name:<br>
<a href="http://dl.dropbox.com/u/3442771/test.zip" target="_blank">http://dl.dropbox.com/u/3442771/test.zip</a><br>
<br>
BTW, even I enable (although I don't like the idea):<br>
<br>
</div><div class="im HOEnZb"># Deny all other double file extensions. This catches any hidden filenames.<br>
allow \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename<br>
hiding<br>
<br>
</div><div class="im HOEnZb">It's still block my test.zip file!<br>
<br>
Could someone can test is with my test.zip file above and let me know<br>
the solution?<br>
<br>
Thanks a lot.<br>
<br>
Gao<br>
<br>
<br>
<br>
</div><div class="im HOEnZb">[UPDATE]<br>
<br>
I just tried to put the rule on the very beginning of the conf file:<br>
<br>
test result:<br>
1. zip file still get blocked!<br>
2. BUT if I attach the .shp.xml file without zip it, it passed!<br>
<br>
So there is something going on with the unzip/scan ?<br>
<br>
</div><div class="HOEnZb"><div class="h5">Gao<br>
<br>
<br>
<br>
<br>
--<br>
<br>
--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
</div></div></blockquote></div><br>