I've been getting absolutely murdered with spam lately so I started looking through config setting in efa and noticed the following errors when mailscanner was restarted but I do not see any syntax errors so a second set of eyes would be helpful.
max.message.size.rulesRestarting MailScanner ...
Syntax error in first field in line 24 of ruleset /etc/MailScanner/rules/max.message.size.rules at /usr/share/MailScanner/perl/MailScanner/Config.pm line 2707
Possible syntax error on line 48 of /etc/MailScanner/archives.filename.rules.conf at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1672
Remember to separate fields with tab characters! at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1674
Possible syntax error on line 21 of /etc/MailScanner/archives.filetype.rules.conf at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1672
Remember to separate fields with tab characters! at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1674
Possible syntax error on line 22 of /etc/MailScanner/archives.filetype.rules.conf at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1672
Remember to separate fields with tab characters! at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1674
Possible syntax error on line 23 of /etc/MailScanner/archives.filetype.rules.conf at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1672
Remember to separate fields with tab characters! at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1674
Possible syntax error on line 24 of /etc/MailScanner/archives.filetype.rules.conf at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1672
Remember to separate fields with tab characters! at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1674
Possible syntax error on line 25 of /etc/MailScanner/archives.filetype.rules.conf at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1672
Remember to separate fields with tab characters! at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1674
Code: Select all
Maximum Message Size = 0
FromOrTo: default 0
Line 21 starts here deny \.ani$
Code: Select all
deny \.fdf$ Dangerous Adobe Acrobat data-file Opening this file can cause auto-loading of any file from the internet
# JKF 04/01/2005 More Microsoft security vulnerabilities
deny \.ico$ Windows icon file security vulnerability Possible buffer overflow in Windows
deny \.ani$ Windows animated cursor file security vulnerability Possible buffer overflow in Windows
deny \.cur$ Windows cursor file security vulnerability Possible buffer overflow in Windows
#deny \.hlp$ Windows help file security vulnerability Possible buffer overflow in Windows
# These 4 are well known viruses.
deny pretty\s+park\.exe$ "Pretty Park" virus "Pretty Park" virus
deny happy99\.exe$ "Happy" virus "Happy" virus
deny \.ceo$ WinEvar virus attachment Often used by the WinEvar virus
deny webpage\.rar$ I-Worm.Yanker virus attachment Often used by the I-Worm.Yanker virus
# JKF 08/07/2005 Several virus scanners may miss this one
deny \.cab$ Possible malicious Microsoft cabinet file Cabinet files may hide viruses
# These are in the archives which are Microsoft Office 2007 files (e.g. docx)
allow \.xml\d*\.rel$ - -
allow \.x\d+\.rel$ - -
allow \.rtf$ - -
# These are known to be mostly harmless.
allow \.jpg$ - -
allow \.gif$ - -
# .url is arguably dangerous, but I can't just ban it...
allow \.url$ - -
allow \.vcf$ - -
allow \.txt$ - -
allow \.zip$ - -
allow \.t?gz$ - -
allow \.7z$ - -
allow \.bz2$ - -
allow \.Z$ - -
allow \.rpm$ - -
# PGP and GPG
allow \.gpg$ - -
allow \.pgp$ - -
allow \.sig$ - -
allow \.asc$ - -
# Macintosh archives
allow \.hqx$ - -
allow \.sit.bin$ - -
allow \.sea$ - -