I have created a blocked file rule in filenames.rules.conf
Code: Select all
deny \.doc$ Stop Older Office Docs coming in Older Office files in emails
deny \.xls$ Stop Older Office Docs coming in Older Office files in emails
deny \.ppt$ Stop Older Office Docs coming in Older Office files in emails
deny \.pub$ Stop Older Office Docs coming in Older Office files in emails
The file is called inv-0OW073.doc with the text
Morning,
I would like to know if Invoice no. 0OW073 Dated 10.09.2018, is paid or not. if paid kindly inform me the date of payment and total amount you paid Copy of invoice is attached.
Sincerely,
------
Mica Purchase
Clearly spam, but the EFA is letting it through.( It does vary - it stops some, and then lets a few through. The above example came direct into my inbox)
So to prevent users opening it we want to quarantine the email, and release any legitimate mails. Yet we are finding they just plain don't release.
The documents are in the /var/spool/mailscanner/quarantine/DATE/EMAIL-ID and you can get them using WinSCP or something, but the release function doesnt work.
Does anyone have any thoughts as to why this is happening. Emails without attachments release OK.
Thanks in Advance
ElFranko