Exim Sysfilter does not work

[Rakaris Bakaris]

Hello!

I've edited the Exim Sysfilter to filter out .bat file attachments according to instructions in cPanels documentation by adding bat extension to all of the extensions lists

However, if I forward an email that has a .bat extension the mail went through and wasn't rejected (tested with emailsecuritycheck.net/ tests).

I restarted exim each time I made changes. I'm using the correct filter file -
cpanel_system_filter_new

What is wrong with my configuration? How to solve this?

Thanks

 

[Rakaris Bakaris]

Hello!

I've edited the Exim Sysfilter to filter out .bat file attachments according to instructions in cPanels documentation by adding bat extension to all of the extensions lists

However, if I forward an email that has a .bat extension the mail went through and wasn't rejected (tested with emailsecuritycheck.net/ tests).

I restarted exim each time I made changes. I'm using the correct filter file -
cpanel_system_filter_new

What is wrong with my configuration? How to solve this?

Thanks

I have noticed that file "/usr/local/cpanel/etc/exim/sysfilter/options/attachments" does not contain my added changes. Why? If I understand correctly the file is not editable directly.
For testing purposes I have added to the file "/usr/local/cpanel/etc/exim/sysfilter/options/attachments" the missing attachments but after Exim restart the attachment was not blocked.

 

[cPanelMichael]

Hello,

In "WHM >> Exim Configuration Manager", under the "Filters" tab, are you using a custom filter for the "System Filter File" option? If so, you'd need to add your custom filter rules to that custom system filter file itself instead of adding them as separate filter files under the options directory. There's a thread on this topic at:

Exim custom filter not working

Thank you.

 

[Rakaris Bakaris]

Hello!
Yes, I'm using "System Filter File". I have removed the changes from options file so it's 1:1 as it was before but nothing has changed. You can see my configuration bellow.
i.imgur.com/QiCjS29.png
The discussion you pointed shows that there is custom filter file option but I have not see such one on my filters configuration pane. Where can be the problem?
Thanks!

 

[Rakaris Bakaris]

Update:
I have determined that:
1) If I send from server webmail with .bat attachment, it does not allow send the mail to other recepient.
2) If I'm using email security tests Free Email Security Check (emailsecuritycheck.net), then mails 4,5,7 are received. See reference bellow.
3) If I'm configure Global email filter at Cpanel account (body contains .bat), then there are no security test emails on the inbox (the expected result)

For reference from emailsecuritycheck.net:

• The first mail (1/7) contains a harmless executable attachment. Even though it is harmless, it should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, this mail may never reach you.
• The next mail (2/7) contains a harmless executable attachment, the EICAR anti virus test file in a .zip archive. This file should be detected by every virus checker. Depending on the configuration of your virus checker, this mail may never reach you.
• The third mail (3/7) is harmless spam message (GTUBE spam signature), and should be detected by every spam filter. Depending on the configuration of your spam filter, this mail may never reach you.
• The remaining four mails (4/7 to 7/7) contain attachments disguised in different ways. Even though the attachments are harmless, they should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, these mails may never reach you.

So the question:
1) Why Exim does not block the test mails 4,5,7?
2) how to make Exim discard / disable such attachments?

 

[cPanelMichael]

Yes, I'm using "System Filter File". I have removed the changes from options file so it's 1:1 as it was before but nothing has changed. You can see my configuration bellow.
i.imgur.com/QiCjS29.png
The discussion you pointed shows that there is custom filter file option but I have not see such one on my filters configuration pane. Where can be the problem?

Could you open a support ticket using the link in my signature so we can take a closer look?

Thank you.

 

[Rakaris Bakaris]

Hello!
Have opened ticket with No 9027839.
Thank you.

 

[hub2000]

Hello,
i want to re-open this, because i have a similar problem:
I use the separate cpanel_system_filter_new file

I added xls and xlsx filetypes

Its working for both xls and xlsx as for external email boxes sending these filetypes to my server, BUT, with one exception:

I received emails from our Chinese supplier with an excel file with filename "SL-W1-190916DOC.xls" and there its not working, repeatedly.

So, how does this filter "really" "work" ?

Hubertus