Can't allow specific double extensions

Questions and answers about how to do stuff
Post Reply
iglooo
Posts: 32
Joined: 25 Jan 2019 19:52

Can't allow specific double extensions

Post by iglooo »

I'm trying to allow .doc/.docx.pdf extensions but it doesn't work with the below configuration. What am I doing wrong? I've already restarted mailscanner and I'm using tabs for spaces.

Code: Select all

Feb 11 14:42:31 efaserv MailScanner[29811]: Filename Checks: Found possible filename hiding (E569E101301.AB8C0 teest.doc.pdf)
/etc/MailScanner/MailScanner.conf

Filename Rules = %etc-dir%/filename.rules

/etc/MailScanner/filename.rules

From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf

/etc/MailScanner/filename.rules.conf

# Allow word-pdf double extensions
allow \.doc\.pdf - -
allow \.docx\.pdf - -
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Can't allow specific double extensions

Post by henk »

did you try.

Code: Select all

allow	.\doc\.pdf	-	-
allow	.\docx\.pdf	-	-
a pdf can be a real nasty source for malware, just take my word for it...
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
iglooo
Posts: 32
Joined: 25 Jan 2019 19:52

Re: Can't allow specific double extensions

Post by iglooo »

Just tried your way and it still gets blocked. :/
Quarantine: /var/spool/MailScanner/quarantine/20190211/60EC6100105.AC00C
Report: MailScanner: Attempt to hide real filename extension (teest.doc.pdf)
iglooo
Posts: 32
Joined: 25 Jan 2019 19:52

Re: Can't allow specific double extensions

Post by iglooo »

Update! Got it working. Turns out it matters where in /etc/MailScanner/filename.rules.conf you add your entries - I had been adding the exception for doc.pdf after "deny all other double file extensions", and moving the entry right above it fixed the issue
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: Can't allow specific double extensions

Post by jamerson »

i am having the same issue,
can you tell me where have you allowed this ?
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
Post Reply