Heino Backhaus
2015-03-27 15:10:36 UTC
Hello All,
I've enjoyed using mailscanner for many years now. Thanks to all.
I would realy appreciate your help with a problem i was running across.
An attached bitmap (a companys logo) triggeres wrongly the CLSID
Filename rule.
The MailWatch report says:
Report: MailScanner: Files containing CLSID's are trying to hide
their real type (CLIP-%7B8EC58011.bmp)
The corresponding rule from filename.rules.conf is stated below:
# Deny filenames containing CLSID's
deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type
Files containing CLSID's are trying to hide
their real type
The first question is. Does Mailscanner rename a file with a CLSID in
the filename to something like this: CLIP-%7B8EC58011.bmp ?
A strange thing is that this file downloaded from Mailwatch and attached
to a new (html) mail will pass the Mailscanner.
So i think it's renamed...
But when you try to release the mail from quarantine it triggers
the CLSID-Rule again ... I'm a little confused about this and need help.
My Softwareversions are:
MailWatch Version = 1.2.0 - Beta 5
MailScanner Version = 4.84.6
PHP Version = 5.5.9-1ubuntu4.7
MySQL Version = 5.5.41-0ubuntu0.14.04.1
Thanks in advance.
-Heino
--
"In retrospect it becomes clear that hindsight is definitely overrated!"
-Alfred E. Neumann
I've enjoyed using mailscanner for many years now. Thanks to all.
I would realy appreciate your help with a problem i was running across.
An attached bitmap (a companys logo) triggeres wrongly the CLSID
Filename rule.
The MailWatch report says:
Report: MailScanner: Files containing CLSID's are trying to hide
their real type (CLIP-%7B8EC58011.bmp)
The corresponding rule from filename.rules.conf is stated below:
# Deny filenames containing CLSID's
deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type
Files containing CLSID's are trying to hide
their real type
The first question is. Does Mailscanner rename a file with a CLSID in
the filename to something like this: CLIP-%7B8EC58011.bmp ?
A strange thing is that this file downloaded from Mailwatch and attached
to a new (html) mail will pass the Mailscanner.
So i think it's renamed...
But when you try to release the mail from quarantine it triggers
the CLSID-Rule again ... I'm a little confused about this and need help.
My Softwareversions are:
MailWatch Version = 1.2.0 - Beta 5
MailScanner Version = 4.84.6
PHP Version = 5.5.9-1ubuntu4.7
MySQL Version = 5.5.41-0ubuntu0.14.04.1
Thanks in advance.
-Heino
--
"In retrospect it becomes clear that hindsight is definitely overrated!"
-Alfred E. Neumann
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!