What's considered a "dangerous attachment"?

GoWilkes

I have a client that is sending a 21MB ZIP file (a Quickbooks backup, compressed as a ZIP) to another client, and while they do receive the email, the attachment isn't included.

As a test, I asked him to send it to my own email account and CC it to a Gmail account. It showed up on Gmail correctly, but my regular email account just received the email with no attachment. This eliminates the recipient's Outlook being the problem.

The only setting that I could find that might impact this is "Attachments: Filter dangerous attachments" under Exim Configuration in WHM. I couldn't find anywhere that stated how a "dangerous attachment" is defined, but would this setting allow the email to go through without the attachment?

If so, is there a way to modify it so that this attachment will go through, but not be so loose as to allow viruses and such through?
 

santrix

This is a good question, and I'm bumping the thread as I also want to know what the "Attachments: Filter dangerous attachments" setting does. I run clamav and to be honest, I would rather not have to if this setting will automatically strip out anything with an executable extension for windoze.

Obviously, for clamd to have to parse 10Mb attachments on the off chance it may contain a virus is a big overhead, when it's much easier to check the attachment doesn't have an exe, com, bat etc. extension.

Does anyone know what this setting actually does?
 

Data 1

Count me in on this.

I actually have mine turned off, because the "outlook/outlook express" potentially dangerous attachment could mean any attachment, even JPGs and GIFs, which are frequently transferred and forwarded during e-mail. Would be nice to know exactly where the line is drawn for Exim.

This isn't really a cPanel question, it is an Exim one, but someone here is bound to know the answer.

Jim
 

cPanelDavidG

Technical Product Specialist
> This is a good question, and I'm bumping the thread as I also want to know what the "Attachments: Filter dangerous attachments" setting does. I run clamav and to be honest, I would rather not have to if this setting will automatically strip out anything with an executable extension for windoze.
>
> Obviously, for clamd to have to parse 10Mb attachments on the off chance it may contain a virus is a big overhead, when it's much easier to check the attachment doesn't have an exe, com, bat etc. extension.
>
> Does anyone know what this setting actually does?

This setting activates the filters stored in /etc/antivirus.exim

Essentially, this filters out files with the following extensions:

.ade
.adp
.bas
.bat
.chm
.cmd
.com
.cpl
.crt
.eml
.exe
.hlp
.hta
.inf
.ins
.isp
.jse and .jse followed by any character
.lnk
.mdb
.mde
.msc
.msi
.msp
.mst
.pcd
.pif
.reg
.scr
.sct
.shs
.url
.vbs
.vbe
.wsf
.wsh
.wsc

If you look at the file, you'll see other filters in it, but these file extensions are what most folks think of when they think of this functionality.
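
As an added example (not part of the thread, and not cPanel's or Exim's own filter code), the following Python sketch lists the attachment filenames in a raw message whose final extension is on the list quoted above, which helps when triaging a "missing attachment" report. It mirrors only that extension list, not the other filters in /etc/antivirus.exim; the function names, the sample message, the trailing-dot normalization and the reading of ".jse followed by any character" as one optional extra character are assumptions.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Extensions copied from the list in the post above.
LISTED = ("ade adp bas bat chm cmd com cpl crt eml exe hlp hta inf ins isp "
          "lnk mdb mde msc msi msp mst pcd pif reg scr sct shs url vbs vbe "
          "wsf wsh wsc").split()

# Assumption: ".jse followed by any character" means at most one extra character.
PATTERN = re.compile(r"\.(?:%s|jse.?)$" % "|".join(LISTED), re.IGNORECASE)


def flagged_attachments(raw: bytes) -> list[str]:
    """Return attachment filenames whose final extension is on the list."""
    msg = message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        # Assumption: ignore surrounding spaces and trailing dots before matching.
        if name and PATTERN.search(name.strip().rstrip(".")):
            hits.append(name)
    return hits


def build_sample(filenames: list[str]) -> bytes:
    """Build a constructed test message with one placeholder attachment per name."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("body text")
    for fn in filenames:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["QuickBooks-backup.zip", "invoice.pdf.EXE",
                           "script.jse1", "photo.jpg"])
    for name in flagged_attachments(sample):
        print("on the listed-extension blocklist:", name)
```

A .zip or .jpg filename does not match any extension on the list, so this check reports nothing for those attachments.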