Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mailscannner filename exception rule?

Discussion in 'E-mail Discussion' started by dory36, Jan 14, 2005.

  1. dory36

    dory36 Well-Known Member

    Aug 30, 2003
    Likes Received:
    Trophy Points:
    We've been lucky to have almost a zero false alarm rate with our virus scanning with ClamAV and MailScanner.

    There is one set of files that comes top me by email periodically that always trips the trigger; it contains two atachments, and (The 1-2-3 part is a version number, and changes each time.)

    I always get the message "The original e-mail attachment ""
    is on the list of unacceptable attachments for this site and has been
    replaced by this warning message ... At Fri Jan 14 03:48:50 2005 the virus scanner said:
    Attempt to hide real filename extension (

    What rule(s) can I add, and where, to allow this specific set of files without opening up a loophole for all the "resume.doc .com" and similar attacks?

    Thanks - Bill
  2. chirpy

    chirpy Well-Known Member Verifed Vendor

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess

    My latest release of MailScanner includes the following two rulesets:


    You can put exception into these files (at the top) for specific senders/recipients using:

    From: and To: /usr/mailscanner/etc/

    This will then skip filename and filetype checking for any email from/to the email address combination listed. It will mean that the email is still virus scanned, though again, an exception rule could be put at the top of:


    The exception would look similar to the above:

    From: and To: no

    Modifying any of these files would require a reload of MailScanner:

    service MailScanner reload

    You should obviously only ever do this for email from trusted sources.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice