Can't allow specific double extensions

Questions and answers about how to do stuff
Post Reply
iglooo
Posts: 21
Joined: 25 Jan 2019 19:52

Can't allow specific double extensions

Post by iglooo » 11 Feb 2019 20:02

I'm trying to allow .doc/.docx.pdf extensions but it doesn't work with the below configuration. What am I doing wrong? I've already restarted mailscanner and I'm using tabs for spaces.

Code: Select all

Feb 11 14:42:31 efaserv MailScanner[29811]: Filename Checks: Found possible filename hiding (E569E101301.AB8C0 teest.doc.pdf)
/etc/MailScanner/MailScanner.conf

Filename Rules = %etc-dir%/filename.rules

/etc/MailScanner/filename.rules

From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf

/etc/MailScanner/filename.rules.conf

# Allow word-pdf double extensions
allow \.doc\.pdf - -
allow \.docx\.pdf - -

henk
Posts: 299
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Can't allow specific double extensions

Post by henk » 11 Feb 2019 23:34

did you try.

Code: Select all

allow	.\doc\.pdf	-	-
allow	.\docx\.pdf	-	-
a pdf can be a real nasty source for malware, just take my word for it...

iglooo
Posts: 21
Joined: 25 Jan 2019 19:52

Re: Can't allow specific double extensions

Post by iglooo » 12 Feb 2019 00:06

Just tried your way and it still gets blocked. :/
Quarantine: /var/spool/MailScanner/quarantine/20190211/60EC6100105.AC00C
Report: MailScanner: Attempt to hide real filename extension (teest.doc.pdf)

iglooo
Posts: 21
Joined: 25 Jan 2019 19:52

Re: Can't allow specific double extensions

Post by iglooo » 20 Feb 2019 16:53

Update! Got it working. Turns out it matters where in /etc/MailScanner/filename.rules.conf you add your entries - I had been adding the exception for doc.pdf after "deny all other double file extensions", and moving the entry right above it fixed the issue

Post Reply