Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mailscannner filename exception rule?

Discussion in 'E-mail Discussions' started by dory36, Jan 14, 2005.

  1. dory36

    dory36 Well-Known Member

    Aug 30, 2003
    Likes Received:
    Trophy Points:
    We've been lucky to have almost a zero false alarm rate with our virus scanning with ClamAV and MailScanner.

    There is one set of files that comes top me by email periodically that always trips the trigger; it contains two atachments, and (The 1-2-3 part is a version number, and changes each time.)

    I always get the message "The original e-mail attachment ""
    is on the list of unacceptable attachments for this site and has been
    replaced by this warning message ... At Fri Jan 14 03:48:50 2005 the virus scanner said:
    Attempt to hide real filename extension (

    What rule(s) can I add, and where, to allow this specific set of files without opening up a loophole for all the "resume.doc .com" and similar attacks?

    Thanks - Bill
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess

    My latest release of MailScanner includes the following two rulesets:


    You can put exception into these files (at the top) for specific senders/recipients using:

    From: and To: /usr/mailscanner/etc/

    This will then skip filename and filetype checking for any email from/to the email address combination listed. It will mean that the email is still virus scanned, though again, an exception rule could be put at the top of:


    The exception would look similar to the above:

    From: and To: no

    Modifying any of these files would require a reload of MailScanner:

    service MailScanner reload

    You should obviously only ever do this for email from trusted sources.

Share This Page