Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2723
  • Last Modified:

MailScanner: allowing winmail.dat and .js files

Hi
Can someone tell me where to set MailScanner to allow winmail.dat and xxx.js attachments?

winmail.dat is the Outlook rich text format attachemt, yet my MailScanner blocks it ans says it contains a virus ( which it does not). It also blocks .js files, even in .zip archives.
Thanks
0
psimation
Asked:
psimation
  • 5
  • 4
  • 3
1 Solution
 
owensleftfootCommented:
Edit /etc/MailScanner/filetype.rules.conf.
0
 
psimationAuthor Commented:
HI Owen,
I've looked in all those files (inside /etc/MailScanner), but there is no explicit mention of .dat or .js, ( ie, it does not say deny nor allow for either).
Does this mean that if a file is not mentioned in there that it is by default accepted to be in a state of "deny"?
0
 
GnsCommented:
No, those are blocked for other reasons, right? Could you qoute the MailScanner report for both types here?
(BTW foot, idefault is to look at both file type and name, so one would need look at both files... Probably not the problem here:).

REasons that come to mind are "Allow Script Tags = no", "Allow Form Tags = no" etc in /etc/MailScanner/MailScanner.conf ... Or something completely different:-). We'll know better when we've seen some reports.

-- Glenn
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
psimationAuthor Commented:
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "winmail.dat"
was believed to be infected by a virus and has been replaced by this warning
message.


###################################################################

This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "xxxxx.zip"
is on the list of unacceptable attachments for this site and has been
replaced by this warning message.

Due to limitations placed on us by the Regulation of Investigatory Powers
Act 2000, we were unable to keep a copy of the original attachment.

At Thu Sep  2 13:23:57 2004 the virus scanner said:
   MailScanner: JScript Scripts are dangerous in email (xxxxxxx.js)

####################################################################

Those are the 2 reports, 1st for the winmail.dat, and 2nd for the .zip file containing the .js file.

I've looked in all my .conf files related to MailScanner , SpamAssassin and clamav, and nowere are there explicit "deny" rules set for either .zip, .js or .dat files.

Thanks for the help.
0
 
owensleftfootCommented:
The winmail.dat rejection is due to the "Deliver  Unparsable TNEF  = no"  setting in MailScanner.conf file. Still looking for the zip one.  Have you double checked the config files? :)
0
 
owensleftfootCommented:
The is an option for  Jscripts  in filename.rules.conf -
deny  \.jse?$ although that doesnt seem to include  .js extension on its own. Its worth a try commenting it out anyway. Dont forget to restart mailscanner after making changes.
0
 
GnsCommented:
Yep, foot is probably right about the TNEF thing, but alas not for the JScript rejection. Note that it _is_ mailscanner who's rejecting it there, so ... How about those settings for Scripts etc in MailScanner.conf... Could we see them? Oh BTW, which version of MS is it?

-- Glenn
0
 
GnsCommented:
"Oh, see me being both slow and wrong":-)

-- Glenn
0
 
psimationAuthor Commented:
Hi Gns
No, you may be slow, but you are not necessarily wrong. The .js part is not yet confirmed to work, but the TNEF thingy was definately the solution to the winmail.dat problem. The .js is of lesser importance to me, but I will explore and report back
0
 
GnsCommented:
How the _blazes_ does it match .... Ooow. Why is itimpossible to maintain a complete understanding of perlres? Probably because they're incredibly obtuse sometimes:-):-).
If you like to see it in action do:
# perl
$_="xxx.js";
/\.jse?$/ && print "Hoppla\n";
$_="xxx.jse";
/\.jse?$/ && print "Hoppla2\n";
$_="xxx.jser";
/\.jse?$/ && print "Hoppla3\n";
__END__
Hoppla
Hoppla2
#

Sigh, make me feel decrepit...

-- Glenn
0
 
GnsCommented:
... And the pod reference (or man perlre, for those interrested... I'll just copy this one line):
           ?      Match 1 or 0 times
so in the "\.jse?$" we actually have the eqivalent of "\.js$|\.jse$"...

And Yes, It makes me feel slow'n'stoopid, since I should know this. By heart:-)

-- Glenn
0
 
owensleftfootCommented:
"And Yes, It makes me feel slow'n'stoopid, since I should know this. By heart:-)"

I wouldnt worry about it mate. I should have spotted it too. But it was the only reference to jscript in the config file therefore it was worth a go commenting it out. I didnt think the re matched either :)
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 5
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now