Page 1 of 1

Allow twbx file types

Posted: 13 Feb 2020 14:20
by bostjanc
Hi.
EFA - 3.0.2.6
I got a "complaint" from one of the users that they are no more able to receive "twbx" file types attachment.
Efa rejects those messages with a reason: Bad content
If I look inside mailscanner I see:
MailScanner: No programs allowed (21.bin)
MailScanner: No programs allowed (21.bin)

- User is saying he was able to get those kind of file types in the past
- Putting the file into .zip does not solve it
I have also tried editing: filename.rules.conf and added:
allow \.twbx$ - -
but after I restart mailscanner service I get an error:
Possible syntax error on line 52 of /etc/MailScanner/filename.rules.conf at /usr/share/MailScanner/perl/MailScanner/Config.pm line 1672

Pls help - How can we solve this?
Thank you.
With best regards

Re: Allow twbx file types

Posted: 19 Feb 2020 11:40
by bostjanc
Anyone pretty pls?

Re: Allow twbx file types

Posted: 19 Feb 2020 22:32
by shawniverson
Tabs instead of spaces, right?

Re: Allow twbx file types

Posted: 19 Feb 2020 22:56
by bostjanc
Shawn.
1st of all I would like to thank you for you reply.
Excuse me of my lack of knowledge of linux syntax, could you be please more specific what would be the correct format of adding that file types in exclusion?
With best regards

Re: Allow twbx file types

Posted: 20 Feb 2020 10:14
by bostjanc
Allright, I have went with the same procedure again.
This time the syntax was correct (there had to be some wrong spaces in my previous attempts).
But the problem is that even if I add line:
allow \.twbx$ - -
into file: /etc/MailScanner/filename.rules.conf
and restart mailscanner service and sent a test message again with twbs attachment EFA/MailScanner still blocks it with reason:
MailScanner: No programs allowed (21.bin)
MailScanner: No programs allowed (21.bin)

Do I need to add exclusion of filetypes *.twbx to some other config to?

Re: Allow twbx file types

Posted: 23 Feb 2020 01:43
by bostjanc
Should I just disable scanning archive files like in this thread suggested?

viewtopic.php?t=2982

Or does anyone else have a different solution?

With best regards

Re: Allow twbx file types

Posted: 24 Feb 2020 00:44
by shawniverson
I think this is hitting in the archive rules..it looks like the twbx is getting decompressed and eFa is finding some .bin files in it.

Try archive.filename.rules files instead.

Re: Allow twbx file types

Posted: 24 Feb 2020 06:17
by bostjanc
Hi Shawn.
Thank you for your reply.
I have added allowness of extension in the archives.filename.rules.conf, restarted mailscanner service, resent a test message and error is the same.
Then I have changed MailScanner.conf maximum archive depth from 3 to 0, restarted mailscanner and still the same error :/
I have ran out of ideas. Any other hints?
With best regards

Re: Allow twbx file types

Posted: 24 Feb 2020 23:33
by shawniverson
Are these coming from a specific sender? If so, can you whitelist them in archives.filename.rules and archives.filetypes.rules? Be sure to use tabs between the fields for the entry.

Re: Allow twbx file types

Posted: 26 Feb 2020 04:55
by bostjanc
Hi.
This is not comming from a specific sender.

Re: Allow twbx file types

Posted: 26 Mar 2020 10:39
by bostjanc
Hi!
Any other ideas/hints (pls)?

Re: Allow twbx file types

Posted: 18 Aug 2020 08:43
by bostjanc
anyone?

Re: Allow twbx file types

Posted: 19 Aug 2020 19:34
by smyers119
are you putting the allow rule beofre the block rules? I would assume there is some order of operation in effect.

Re: Allow twbx file types

Posted: 24 Aug 2020 11:17
by pdwalker
what is a twbx file anyway?

If it is some kind of archive file that mailscanner understands, then it will extract the filenames and then run those names through the allowed checks.

So, if your twbx archive(?) file has a bin inside of it, then mailscanner will prevent the receiving of the bin file by blocking the entire archive.

Some files are really just renamed zip files (like docx files). This may be the case with the otherwise innocuous twbx file.

One way to avoid this is to change the setting of "Find Archives By Content = yes" to "no", but I don't recommend that, especially if you want to scan the contents of zip files.

Could you email me a twbx file so I could examine the contents?

Re: Allow twbx file types

Posted: 25 Oct 2020 11:02
by bostjanc
What do you mean "Tabs instead of spaces, right?"