The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

block W32.Beagle.J@mm with mailscanner

Discussion in 'cPanel Developers' started by smarcellini, Mar 9, 2004.

  1. smarcellini

    smarcellini Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    6
    I've tried editting etc/MailScanner/filename.rules.conf and adding:

    deny message.zip$

    But when I test this, it still allows the "message.zip" file to pass through.

    I notice below that it is set to:

    allow \.zip$

    so I changed this to:

    # allow \.zip$

    but it still isnt blocking the attachment.

    I did restart the MailScanner service too.

    I would like to block all the (name).zip files that are infected with this virus and any help would be appreciated.
     
    #1 smarcellini, Mar 9, 2004
    Last edited: Mar 9, 2004
  2. mmkassem

    mmkassem Well-Known Member

    Joined:
    Oct 21, 2002
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Egypt
    Change the allow to deny

    example:
    deny \.zip$ - -

    For a specific zip file:

    deny hello\.zip$
     
    #2 mmkassem, Mar 9, 2004
    Last edited: Mar 9, 2004
  3. smarcellini

    smarcellini Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    6
    thanks after playing with it, that did the trick. Here is a sample of what I have to help others.

    # These are known to be mostly harmless.
    allow \.jpg$ - -
    allow \.gif$ - -
    # .url is arguably dangerous, but I can't just ban it...
    allow \.url$ - -
    allow \.vcf$ - -
    allow \.txt$ - -
    deny Message\.zip$ - -
    deny Attach\.zip$ - -
    deny Information\.zip$ - -
    deny Readme\.zip$ - -
    deny Document\.zip$ - -
    deny Info\.zip$ - -
    deny TextDocument\.zip$ - -
    deny TextFile\.zip$ - -
    deny MoreInfo\.zip$ - -
    allow \.t?gz$ - -

    NOTE*: The attachment name is case sensitive so make sure they are capitalized.
     

Share This Page