Mailscanned double filenames

Post by gosha »

Hi

I have the following lines in a config file 'filename.rules.conf'

# Custom allow filenames
allow \.xls.xlsx$ - -
allow \.xlsx.xls$ - -
allow \.LAD.PDF$ - -
allow \.lad.pdf$ - -
allow \.[a-z0-9]{3}.doc$ - -
allow \.[a-z0-9]{3}.docx$ - -
allow \.doc$ - -
allow \.docx$ - -
allow \.xls$ - -
allow \.xlsx$ - -
allow \.ddoc$ - -
allow \*.doc$ - -
allow \*.docx$ - -
allow \*.xls$ - -
allow \*.xlsx$ - -
allow \*.ddoc$ - -
allow \.[a-z0-9]{2,3}.ddoc$ - -
allow \.[a-z0-9]{2,3}.zip$ - -
allow \.[a-z0-9]{2,3}.pdf$ - -
allow \.[a-z0-9]{2,3}.doc$ - -
allow \.[a-z0-9]{2,3}.docx$ - -
allow \.[a-z0-9]{2,3}.xls$ - -
allow \.[a-z0-9]{2,3}.xlsx$ - -

# Deny all other double file extensions. This catches any hidden filenames.
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension



But the message with attachment 38LIISINGULEPINGUnr20140870lõp.akt.doc is still being blocked. How can I allow any name with any number of extensions that ends with doc, docx, pdf, and also other extensions I will list?

Post by gosha »

There is an even stranger problem: the message I see in the EFA interface is

MailScanner: Attempt to hide real filename extension (3201612001Koidulavõrguremont.akt.doc) ,MailScanner: Attempt to hide real filename extension (3201612001Koidulavõrguremont.akt.doc)

But the real filename was 3201612001Koidulavõrguremont.akt.bdoc (extension is BDOC, not DOC)

Post by gosha »

I found more interesting stuff. BDOC is an archive, but it contains a file named something.akt.doc, and this name is being blocked.

Post by gosha »

I found the file "archives.filename.rules.conf", where the allow lines needed to be added. Resolved.
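
The resolution above, as an added example that is not part of the original posts and is not MailScanner code: a small model of two separate rule lists, one for the attachment name and one for names found inside an archive. It assumes rules are tried top to bottom with the first match winning, matching is case-insensitive, and a name that matches no rule is allowed; the rule lists are cut down to one allow line and the deny line from the first post, and the BDOC member list is constructed from the name in the log message.

```python
import re

# Two lines taken verbatim from the posted filename.rules.conf.
ALLOW_DOC = ("allow", r"\.[a-z0-9]{2,3}.doc$")
DENY_DOUBLE = ("deny", r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$")

# Assumed contents of the two rule files, reduced to what matters here.
ATTACHMENT_RULES = [ALLOW_DOC, DENY_DOUBLE]      # filename.rules.conf
ARCHIVE_RULES_BEFORE = [DENY_DOUBLE]             # archives.filename.rules.conf
ARCHIVE_RULES_AFTER = [ALLOW_DOC, DENY_DOUBLE]   # same file with the allow line added


def decide(filename, rules):
    """Return the action of the first rule whose regex matches (assumed semantics)."""
    for action, pattern in rules:
        if re.search(pattern, filename, re.IGNORECASE):
            return action
    return "allow"  # assumption: no matching rule means the name passes


def blocked_names(attachment, members, attachment_rules, archive_rules):
    """List every denied name: the attachment itself, then the archive members."""
    denied = []
    if decide(attachment, attachment_rules) == "deny":
        denied.append(attachment)
    denied += [m for m in members if decide(m, archive_rules) == "deny"]
    return denied


# Names from the thread; the member list of the BDOC container is constructed.
OUTER = "3201612001Koidulavõrguremont.akt.bdoc"
MEMBERS = ["3201612001Koidulavõrguremont.akt.doc"]

if __name__ == "__main__":
    print("before:", blocked_names(OUTER, MEMBERS, ATTACHMENT_RULES, ARCHIVE_RULES_BEFORE))
    print("after: ", blocked_names(OUTER, MEMBERS, ATTACHMENT_RULES, ARCHIVE_RULES_AFTER))
```

The outer `.akt.bdoc` name never matches the deny pattern because its last extension has four characters, which is why the report names the inner `.akt.doc` member instead. Any allow line placed ahead of the deny rule exempts matching names from the double-extension check, so the narrower the allow pattern, the less is exempted.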