Emails that are retained for containing .dat files

Bugs in eFa 4
Post Reply
uzisuicida
Posts: 10
Joined: 24 Jan 2019 06:24

Emails that are retained for containing .dat files

Post by uzisuicida »

Hello everyone,
I have a problem that I cannot solve, some emails are kept in quarantine because they contain .dat files, I even have the domain whitelisted:
Untitled.png
Untitled.png (8.9 KiB) Viewed 1060 times
I don't know how I can solve this problem.

Thanks,
User avatar
pdwalker
Posts: 1500
Joined: 18 Mar 2015 09:16

Re: Emails that are retained for containing .dat files

Post by pdwalker »

log into your efa box and run the following command from the shell and post the results here.

Code: Select all

grep -r "No programs allowed" /etc/MailScanner/
uzisuicida
Posts: 10
Joined: 24 Jan 2019 06:24

Re: Emails that are retained for containing .dat files

Post by uzisuicida »

Hello pdwalker, here the result of executing that command.
Thanks!
Attachments
Untitled.png
Untitled.png (16.91 KiB) Viewed 1037 times
User avatar
pdwalker
Posts: 1500
Joined: 18 Mar 2015 09:16

Re: Emails that are retained for containing .dat files

Post by pdwalker »

Ok, so that is weird.

I cannot reproduce the problem.

Is it possible for you to forward me an email as an attachment that is triggered by your efa system? I would like to inspect the email in question to see if I can work out why it is trigguring the "No executables" rule.

Maybe there is an executable contained inside the .dat file and that is why efa is objecting.

I'll send you a private message with my address if you are willing for me to have a look.
User avatar
pdwalker
Posts: 1500
Joined: 18 Mar 2015 09:16

Re: Emails that are retained for containing .dat files

Post by pdwalker »

Oh, hey, look! I found this in the EFA slack channel
Ben
2:58 PM
Hey, is there any to fix the MailScanner: No programs allowed (220000.dat) and allow .dat files?

Shawn Iverson
6:53 PM
In /etc/MailScanner/MailScanner.conf:
Archives: Ignore DAT File Executable = yes
What are your settings?

This is my /etc/MailScanner/MailScanner.conf file (including line numbers)

Code: Select all

1386 # Some dat files appear as DOS executables (such as in Corel or
1387 # Office files). This setting allows such dat files through without
1388 # having to disable the DOS executable deny rule.
1389 Archives: Ignore DAT File Executable = no
uzisuicida
Posts: 10
Joined: 24 Jan 2019 06:24

Re: Emails that are retained for containing .dat files

Post by uzisuicida »

Hello,

My config is like this:
Attachments
Untitled.png
Untitled.png (10.28 KiB) Viewed 959 times
User avatar
pdwalker
Posts: 1500
Joined: 18 Mar 2015 09:16

Re: Emails that are retained for containing .dat files

Post by pdwalker »

Without the original message to examine, I don't have a solution other than to disable the "No executables" rule inside of MailScanner in the filetype rules configuration files.
uzisuicida
Posts: 10
Joined: 24 Jan 2019 06:24

Re: Emails that are retained for containing .dat files

Post by uzisuicida »

Hello, sorry for the delay in responding. I am sending you the original emails, which are blocked because they contain .dat files and even ignoring that validation:

Files: Ignore DAT File Executable = yes

Mailscanner it keeps blocking them.

How can I disable executable blocking? It is the only thing that occurs to me that I can do, for the moment, since this problem is creating communication problems with our suppliers.
SelfMan
Posts: 19
Joined: 28 Sep 2021 18:02

Re: Emails that are retained for containing .dat files

Post by SelfMan »

HI there, is there any progress on this xxxxx.dat problem?
User avatar
pdwalker
Posts: 1500
Joined: 18 Mar 2015 09:16

Re: Emails that are retained for containing .dat files

Post by pdwalker »

Sorry for the delay in getting back to you.

The messages you sent me passed into my system without any trouble at all and I cannot yet figure out why you can't get the messages but I can.
User avatar
pdwalker
Posts: 1500
Joined: 18 Mar 2015 09:16

Re: Emails that are retained for containing .dat files

Post by pdwalker »

Code: Select all

[user@efa4 MailScanner]# grep "No programs allowed" *.conf
archives.filetype.rules.conf:#deny	executable	No executables		No programs allowed
archives.filetype.rules.conf:#deny	ELF		No executables		No programs allowed
filetype.rules.conf:#deny	executable	No executables		No programs allowed
filetype.rules.conf:#deny	ELF		No executables		No programs allowed
Let's run a test on your system.

- Send yourself the smallest message you can that triggers the problem - preferably one with just a single attachment

- Verify that you still have the problem

- Edit your archives.filetype.rules.conf and filetype.rules.conf and comment out those lines above.

- Then restart mailscanner ('service mailscanner restart') and send yourself the messages

- Send yourself the same message and see if the problem is triggered again, or if it passes through.

- Report back here.
User avatar
shawniverson
Posts: 3605
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Emails that are retained for containing .dat files

Post by shawniverson »

Fixed here:

https://github.com/MailScanner/v5/pull/614

I'll roll up a new release of MailScanner and pull into eFa, I have quite a few fixes pending.
Post Reply