filename.xml.pdf - Allowlisted, Bad content [SOLVED]

Bugs in eFa 4
Post Reply
SelfMan
Posts: 24
Joined: 28 Sep 2021 18:02

filename.xml.pdf - Allowlisted, Bad content [SOLVED]

Post by SelfMan »

Hi guys,
our eFa 4.0.4 with MailScanner v5.5.1 is blocking file attachments with double extension ".xml.pdf" even though I modified the filename.rules.conf to allow it using:
allow \.xml\.pdf - -

The message details say:
Blocked File: Y
SPAM Allowlisted: Y

Any hints/ideas why that is?
Thanks
Last edited by SelfMan on 30 Nov 2024 09:06, edited 1 time in total.
User avatar
_M_P
Posts: 8
Joined: 06 Aug 2024 07:03
Location: Italy

Re: filename.xml.pdf - Allowlisted, Bad content

Post by _M_P »

Hi,
maybe

Code: Select all

# allow XMLs converted to PDFs
allow<tab>\.xml\.pdf$<tab>-allow XMLs converted to PDFs<tab>-
is better?
;-)
Best regards
SelfMan
Posts: 24
Joined: 28 Sep 2021 18:02

Re: filename.xml.pdf - Allowlisted, Bad content

Post by SelfMan »

thanks for the reply _M_P,
I copy/pasted one of the original lines so the tab-formatted content was there the whole time.
I just didn't use the </> code formatting here in the forum. (in hinesight, I should have)
And I also did restart the MailScanner.
User avatar
_M_P
Posts: 8
Joined: 06 Aug 2024 07:03
Location: Italy

Re: filename.xml.pdf - Allowlisted, Bad content

Post by _M_P »

...ok for tabs (are there!), but with a closer look, you'll notice that my RegEx is not the same of your (you missed a $)...

Kind regards
SelfMan
Posts: 24
Joined: 28 Sep 2021 18:02

Re: filename.xml.pdf - Allowlisted, Bad content

Post by SelfMan »

Ah, apologies! Brain fart! oh no Eyefart or something dumb.
Thanks for your patience.
efa-file-filter.png
efa-file-filter.png (12.31 KiB) Viewed 951 times
I've re-formated a couple lines that were added over time but the e-mails are still being filtered.
"The following e-mails were found to have: Bad Filename Detected"
User avatar
_M_P
Posts: 8
Joined: 06 Aug 2024 07:03
Location: Italy

Re: filename.xml.pdf - Allowlisted, Bad content

Post by _M_P »

Hi,
I'd try a

Code: Select all

mailscanner --lint
...

Best regards
SelfMan
Posts: 24
Joined: 28 Sep 2021 18:02

Re: filename.xml.pdf - Allowlisted, Bad content

Post by SelfMan »

I've run the --lint test which found couple other entries with syntax errors that I fixed. (yeah, there were still spaces instead of tabs)
They are now fixed and there are no errors reported. Yet, the pdf file I renames to file.xml.pdf is still filtered out:

Code: Select all

"The following e-mails were found to have: Bad Filename Detected"
"Report: MailScanner: Attempt to hide real filename extension (file.xml.pdf)"
And it ended up in the quarantine.

I've also tried to add the entry to "filetype.rules.conf", but it had no effect.
SelfMan
Posts: 24
Joined: 28 Sep 2021 18:02

Re: filename.xml.pdf - Allowlisted, Bad content

Post by SelfMan »

Ok, I found the "issue".
The sequence of rules is important.

The general rule for double extensions MUST be last in the sequence of rules.

Code: Select all

# Deny all other double file extensions. This catches any hidden filenames.
deny	\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$	Found possible filename hiding				Attempt to hide real filename extension
When I moved the rule, all started to work.
Post Reply