efa-project.org


https://forum.efa-project.org/

Blocking custom file extention is not working

https://forum.efa-project.org/viewtopic.php?t=1404

Page 1 of 1

Blocking custom file extention is not working

Posted: 03 Feb 2016 13:24
by GoPiTM
Hi,

So I stumbled accross this site: http://www.emailsecuritycheck.net/index.html and had it sent it's test mails.
3 where blocked 4 came thru. :shock:
So to test I added this to the filename.rules at the bottem:
deny \.dll$ dll-files are not allowed dll-files are not allowed
deny \.()bat$ Possible malicious batch file script Batch files are often malicious

But it did not work.
Does anyone know what I did wrong?

Thx

Re: Blocking custom file extention is not working

Posted: 05 Feb 2016 00:14
by shawniverson
Saw you post on MailScanner list, did you get it to work?

Re: Blocking custom file extention is not working

Posted: 05 Feb 2016 09:43
by GoPiTM
Strange enough the .dll gets blocked when I send it from gmail or any other email system, but from the site it gets thru.
The .()bat is not yet working

Re: Blocking custom file extention is not working

Posted: 05 Feb 2016 12:59
by GoPiTM
I found the solution.

This will stop all attachments starting with .()

Code: Select all

deny	\.[(][)][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]	Possible malicious file	Files hiding behind () are often malicious

Re: Blocking custom file extention is not working

Posted: 22 Jul 2016 17:13
by z3us
I've got the same problems in EFA when using the tests from: http://www.emailsecuritycheck.net/index.html
Strange thing is that my tests from a Gmail accounts were just fine. Those mails we're blocked with message "Bad Content".
Mails from the website are getting through.
The sending address from the website isn't whitelisted.

What is the best way to troubleshoot this issue?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited