Page 1 of 1

too lot of false "Bad content"

Posted: 10 Jul 2018 07:08
by gosha
Hi

How to tube mailscanner not to block certain content. I'm getting a problem with a lot of false positives.

There are different kind of false positives

1. MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (%D0%A1%D1%87%D-2.doc)
MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (KESSZEE108632_.pdf)
- here is no long filenames, sometimes only the russian filenames, sometimes I don't understand why

2. MailScanner: Message contained archive nested too deeply
some european digitally signed documents (estonia, belgia use the digital signatures) *.bdoc and *.ddoc are blocked as an archives mailscanner unable to scan.


How to tune these problems?