Too many false "Bad content"


Post by gosha » 10 Jul 2018 07:08

Hi

How can I tune MailScanner so that it does not block certain content? I'm getting a problem with a lot of false positives.

There are different kinds of false positives:

1. MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (%D0%A1%D1%87%D-2.doc)
MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (KESSZEE108632_.pdf)
- there are no long filenames here; sometimes it is only Russian filenames, sometimes I don't understand why

2. MailScanner: Message contained archive nested too deeply
Some European digitally signed documents (Estonia and Belgium use digital signatures), *.bdoc and *.ddoc, are blocked as archives that MailScanner is unable to scan.


How can I tune MailScanner to avoid these problems?
