Page 1 of 1

Emails that are retained for containing .dat files

Posted: 08 Aug 2022 14:11
by uzisuicida
Hello everyone,
I have a problem that I cannot solve, some emails are kept in quarantine because they contain .dat files, I even have the domain whitelisted:
Untitled.png
Untitled.png (8.9 KiB) Viewed 20962 times
I don't know how I can solve this problem.

Thanks,

Re: Emails that are retained for containing .dat files

Posted: 09 Aug 2022 06:54
by pdwalker
log into your efa box and run the following command from the shell and post the results here.

Code: Select all

grep -r "No programs allowed" /etc/MailScanner/

Re: Emails that are retained for containing .dat files

Posted: 09 Aug 2022 14:03
by uzisuicida
Hello pdwalker, here the result of executing that command.
Thanks!

Re: Emails that are retained for containing .dat files

Posted: 12 Aug 2022 06:43
by pdwalker
Ok, so that is weird.

I cannot reproduce the problem.

Is it possible for you to forward me an email as an attachment that is triggered by your efa system? I would like to inspect the email in question to see if I can work out why it is trigguring the "No executables" rule.

Maybe there is an executable contained inside the .dat file and that is why efa is objecting.

I'll send you a private message with my address if you are willing for me to have a look.

Re: Emails that are retained for containing .dat files

Posted: 12 Aug 2022 06:55
by pdwalker
Oh, hey, look! I found this in the EFA slack channel
Ben
2:58 PM
Hey, is there any to fix the MailScanner: No programs allowed (220000.dat) and allow .dat files?

Shawn Iverson
6:53 PM
In /etc/MailScanner/MailScanner.conf:
Archives: Ignore DAT File Executable = yes
What are your settings?

This is my /etc/MailScanner/MailScanner.conf file (including line numbers)

Code: Select all

1386 # Some dat files appear as DOS executables (such as in Corel or
1387 # Office files). This setting allows such dat files through without
1388 # having to disable the DOS executable deny rule.
1389 Archives: Ignore DAT File Executable = no

Re: Emails that are retained for containing .dat files

Posted: 12 Aug 2022 14:15
by uzisuicida
Hello,

My config is like this:

Re: Emails that are retained for containing .dat files

Posted: 16 Aug 2022 06:58
by pdwalker
Without the original message to examine, I don't have a solution other than to disable the "No executables" rule inside of MailScanner in the filetype rules configuration files.

Re: Emails that are retained for containing .dat files

Posted: 06 Sep 2022 20:19
by uzisuicida
Hello, sorry for the delay in responding. I am sending you the original emails, which are blocked because they contain .dat files and even ignoring that validation:

Files: Ignore DAT File Executable = yes

Mailscanner it keeps blocking them.

How can I disable executable blocking? It is the only thing that occurs to me that I can do, for the moment, since this problem is creating communication problems with our suppliers.

Re: Emails that are retained for containing .dat files

Posted: 10 Nov 2022 21:15
by SelfMan
HI there, is there any progress on this xxxxx.dat problem?

Re: Emails that are retained for containing .dat files

Posted: 11 Nov 2022 09:02
by pdwalker
Sorry for the delay in getting back to you.

The messages you sent me passed into my system without any trouble at all and I cannot yet figure out why you can't get the messages but I can.

Re: Emails that are retained for containing .dat files

Posted: 11 Nov 2022 09:07
by pdwalker

Code: Select all

[user@efa4 MailScanner]# grep "No programs allowed" *.conf
archives.filetype.rules.conf:#deny	executable	No executables		No programs allowed
archives.filetype.rules.conf:#deny	ELF		No executables		No programs allowed
filetype.rules.conf:#deny	executable	No executables		No programs allowed
filetype.rules.conf:#deny	ELF		No executables		No programs allowed
Let's run a test on your system.

- Send yourself the smallest message you can that triggers the problem - preferably one with just a single attachment

- Verify that you still have the problem

- Edit your archives.filetype.rules.conf and filetype.rules.conf and comment out those lines above.

- Then restart mailscanner ('service mailscanner restart') and send yourself the messages

- Send yourself the same message and see if the problem is triggered again, or if it passes through.

- Report back here.

Re: Emails that are retained for containing .dat files

Posted: 23 Nov 2022 18:35
by shawniverson
Fixed here:

https://github.com/MailScanner/v5/pull/614

I'll roll up a new release of MailScanner and pull into eFa, I have quite a few fixes pending.