Hi,
I had added some file extension to /etc/MailScanner/filename.rules.conf
But seem they didn't work.
Use test from http://www.emailsecuritycheck.net
4/7 can reach my inbox
EFA don't block dangerous file attachment.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA don't block dangerous file attachment.
Restarted MailScanner?
Re: EFA don't block dangerous file attachment.
Yes, restart many time.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA don't block dangerous file attachment.
Did you send a dll yourself or from this site?
They may be obfuscating the file somehow, is the reason I ask...
They may be obfuscating the file somehow, is the reason I ask...
Re: EFA don't block dangerous file attachment.
test 4/7 attaches a batch file called "attached%2E" which decodes to "attached." That file cannot be run unless it is renamed to "attached.bat", so I would ignore that one.
test 5/7 attaches a batch file called "ATT00001.dll" and should be blocked, so I'd consider this a legitimate fail.
test 6/7 attaches a batch file called "attached.()bat". The extension ".()bat" won't run on a windows computer, so I wouldn't consider that a fail. You can ignore this.
test 7/7 attaches a batch file called "attached" As it has no extension, Windows won't run it. Not a legitimate fail. Ignore.
test 5/7 attaches a batch file called "ATT00001.dll" and should be blocked, so I'd consider this a legitimate fail.
test 6/7 attaches a batch file called "attached.()bat". The extension ".()bat" won't run on a windows computer, so I wouldn't consider that a fail. You can ignore this.
test 7/7 attaches a batch file called "attached" As it has no extension, Windows won't run it. Not a legitimate fail. Ignore.
Re: EFA don't block dangerous file attachment.
edited /etc/MailScanner/filename.rules.conf and added (you need to change the spaces to tabs which are not preserved here):
restarted mailscanner, and sent myself the dll attachment.
Result? blocked, so everything is good and in working order.
Code: Select all
# Deny dll's
140 deny \.dll$ Windows DLL Dll's not allowed.
Result? blocked, so everything is good and in working order.
Re: EFA don't block dangerous file attachment.
Hi,
I try as you suggest. But since I restarted the MailScanner service it gives an error like this.
I try as you suggest. But since I restarted the MailScanner service it gives an error like this.
Code: Select all
[root@gw omer]# nano /etc/MailScanner/filename.rules.conf
[root@gw omer]# /etc/init.d/mailscanner restart
Restarting MailScanner ...
Possible syntax error on line 140 of /etc/MailScanner/filename.rules.conf at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1672
Remember to separate fields with tab characters! at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1674
MailScanner restarted with process id 14923
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA don't block dangerous file attachment.
You have a typo, and it is telling you where the typo is.