Blocking custom file extention is not working

GoPiTM · Post by **GoPiTM** » 03 Feb 2016 13:24

Hi,

So I stumbled accross this site: http://www.emailsecuritycheck.net/index.html and had it sent it's test mails.
3 where blocked 4 came thru.

So to test I added this to the filename.rules at the bottem:
deny \.dll$ dll-files are not allowed dll-files are not allowed
deny \.()bat$ Possible malicious batch file script Batch files are often malicious

But it did not work.
Does anyone know what I did wrong?

Thx

Post by **shawniverson** » 05 Feb 2016 00:14

Saw you post on MailScanner list, did you get it to work?

GoPiTM · Post by **GoPiTM** » 05 Feb 2016 09:43

Strange enough the .dll gets blocked when I send it from gmail or any other email system, but from the site it gets thru.
The .()bat is not yet working

GoPiTM · Post by **GoPiTM** » 05 Feb 2016 12:59

I found the solution.

This will stop all attachments starting with .()

Code: Select all

deny	\.[(][)][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]	Possible malicious file	Files hiding behind () are often malicious

z3us · Post by **z3us** » 22 Jul 2016 17:13

I've got the same problems in EFA when using the tests from: http://www.emailsecuritycheck.net/index.html
Strange thing is that my tests from a Gmail accounts were just fine. Those mails we're blocked with message "Bad Content".
Mails from the website are getting through.
The sending address from the website isn't whitelisted.

What is the best way to troubleshoot this issue?

efa-project.org

Blocking custom file extention is not working

Blocking custom file extention is not working

Re: Blocking custom file extention is not working

Re: Blocking custom file extention is not working

Re: Blocking custom file extention is not working

Re: Blocking custom file extention is not working