MailScanner Setting

Discussion in 'E-mail Discussions' started by GOT, Jul 31, 2003.

  1. GOT

    Just had a mail get flagged as a problem, and I do not want this check performed:

    The following e-mail messages were found to have viruses in them:

    Sender: <xxx@xxx.com>
    IP Address: xx.xx.xx.xx
    Recipient: xx@xxxxx.com
    Subject: RE: Humboldt
    MessageID: 19iKVM-00036J-HB
    Report: Attempt to hide real filename extension (xxxxxxx.com.pdf)


    --
    MailScanner
    Email Virus Scanner
    www.mailscanner.info

    I looked in MailScanner.conf, but cannot find it anywhere...

  2. GOT

    Anyone?

  3. mmkassem

    Look for filename.rules.conf

    For my How-To it should be:
    /etc/MailScanner/filename.rules.conf

    The last rule:
    # Deny all other double file extensions. This catches any hidden filenames.
    deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding

    This one is responsible for the message you got

    If you want to allow it try:
    allow \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ - -

    Save and restart MailScanner. This should work.
     
  4. GOT

    Don't know how I missed that file. Seems a tad on the restrictive side overall. Going to have to evaluate a lot of that.

    Thanks!

  5. goodmove

    Can I ask why you would want to allow that file? It probably is a com executable hidden as a pdf extension.
     
  6. GOT

    No, actually, it was a domain name.

    domain.com.pdf.

    I mean, I guess it might be, but .com are scanned anyway, right?

  7. EagleEye

    Actually if it was a com posing as a pdf the extension would have been .pdf.com (at least that is how LoveBug was so sneakily :word?: spread).

    But that is neither here nor there.

    I imagine viruses like LoveBug were in mind when this rule was first conceived. If your users are educated on this risk then removing this rule shouldn't hurt anything. However....

  8. casey

    Is it okay to use the spamassassin configuration settings in mailscanner, or will that cause it to run spamassassin twice? I'd like to take advantage of the function to delete messages with scores of over 10 points.

  9. mmkassem

    If you want to run it then disable SpamAssassin in cPanel. Notice that SpamAssassin won't be disabled for clients who have it enabled.

    If both MailScanner SA and cPanel SA are enabled then SA will run twice.

  10. casey

    Thanks, Mahmoud. I suspected it would be like that. I'll have to give that some thought.

    By the way, are you filling in for dgbaker while he's gone?:)

  11. dgbaker

    I'm not gone. I'm back! Sort of :confused: :D

  12. casey

    That's too soon, David. You need more rest.:)

  13. jackal

    David by the look of your avatar you still look a little winded.

    :eek: ;) :)

  14. mmkassem

    Just trying to help. He has more experience than me :) (currently ;))

  15. magin

    How can I set up SpamAssassin in MailScanner in order to delete the marked emails? Thanks for any help.
     
  16. chirpy

    To have MailScanner delete high scoring spam*, edit MailScanner.conf (in /usr/mailscanner/etc/ if you're using the layer1 disti) and change the following section, "What to do with spam", and read it. In particular you want the directives:
    High Scoring Spam Actions =
    Spam Actions =

    Remember to start and restart MailScanner after making any changes.

    *Note: Remember that you will always get false-positives with spam detection and if you set either of the above to delete then there may well be non-spam mails deleted.
     
  17. magin

  18. Creazioni1

    Some customers don't receive
    file.pdf
    file.tmp.pdf
    and this is a problem because they are invoices.

    Can I enable MailScanner to receive this mail?


    THANKS
     
  19. chirpy

    MailScanner doesn't block pdf files by default, it's probably being done by the /etc/antivirus.exim file.
     
  20. Creazioni1

    Since 4 May, the day I installed MailScanner, some PDFs don't get delivered.

    :(
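
An added example, not part of any post in this thread and not MailScanner's own code: a small Python model of first-match rule evaluation, showing what the double-extension rule quoted in the thread does to the filenames mentioned here, and how flipping it to `allow` compares with a narrower exception placed ahead of it. The tab-separated four-field layout, case-insensitive matching, first-match-wins order, the `\.(com|tmp)\.pdf$` exception and the sample filenames are assumptions made for the illustration; only the rules shown are modelled, not the rest of filename.rules.conf.

```python
import re

# Regex quoted in the thread for the "double file extension" rule.
DOUBLE_EXT = r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"

# Constructed rule sets (assumed layout: action<TAB>regex<TAB>log text<TAB>report text).
ORIGINAL = (f"deny\t{DOUBLE_EXT}\tFound possible filename hiding"
            "\tAttempt to hide real filename extension\n")
FLIPPED = f"allow\t{DOUBLE_EXT}\t-\t-\n"          # the change suggested in the thread
# Hypothetical narrower exception: pass only *.com.pdf / *.tmp.pdf, keep the deny after it.
NARROW = "allow\t\\.(com|tmp)\\.pdf$\t-\t-\n" + ORIGINAL

# Constructed sample names, based on the filenames mentioned in the thread.
SAMPLES = ["file.pdf", "file.tmp.pdf", "domain.com.pdf", "invoice.pdf.com"]


def parse_rules(text):
    """Parse rule lines into (action, compiled regex, report text) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        fields = line.split("\t")
        report = fields[3] if len(fields) > 3 else ""
        # Assumption: patterns are matched case-insensitively.
        rules.append((fields[0].lower(), re.compile(fields[1], re.IGNORECASE), report))
    return rules


def check(rules, filename):
    """Return (action, report) of the first matching rule (assumed first-match-wins)."""
    for action, pattern, report in rules:
        if pattern.search(filename):
            return action, report
    return "allow", ""  # nothing matched: this check lets the attachment through


def verdicts(rule_text, names=SAMPLES):
    """Map each filename to the action the rule set would take."""
    rules = parse_rules(rule_text)
    return {name: check(rules, name)[0] for name in names}


if __name__ == "__main__":
    for label, rule_text in (("original", ORIGINAL), ("flipped", FLIPPED), ("narrow", NARROW)):
        print(label, verdicts(rule_text))
```

With the rule flipped to `allow`, every double-extension name passes this check, including the `.pdf.com` form; the narrower exception lets the `.com.pdf` and `.tmp.pdf` names through while the catch-all deny still applies to everything else.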
     