Solved

MailScanner: allowing winmail.dat and .js files

Posted on 2004-09-02
12
2,609 Views
Last Modified: 2009-01-29
Hi
Can someone tell me where to set MailScanner to allow winmail.dat and xxx.js attachments?

winmail.dat is the Outlook rich text format attachemt, yet my MailScanner blocks it ans says it contains a virus ( which it does not). It also blocks .js files, even in .zip archives.
Thanks
0
Comment
Question by:psimation
  • 5
  • 4
  • 3
12 Comments
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 11968509
Edit /etc/MailScanner/filetype.rules.conf.
0
 
LVL 17

Author Comment

by:psimation
ID: 11970490
HI Owen,
I've looked in all those files (inside /etc/MailScanner), but there is no explicit mention of .dat or .js, ( ie, it does not say deny nor allow for either).
Does this mean that if a file is not mentioned in there that it is by default accepted to be in a state of "deny"?
0
 
LVL 20

Expert Comment

by:Gns
ID: 11970897
No, those are blocked for other reasons, right? Could you qoute the MailScanner report for both types here?
(BTW foot, idefault is to look at both file type and name, so one would need look at both files... Probably not the problem here:).

REasons that come to mind are "Allow Script Tags = no", "Allow Form Tags = no" etc in /etc/MailScanner/MailScanner.conf ... Or something completely different:-). We'll know better when we've seen some reports.

-- Glenn
0
 
LVL 17

Author Comment

by:psimation
ID: 11971115
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "winmail.dat"
was believed to be infected by a virus and has been replaced by this warning
message.


###################################################################

This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "xxxxx.zip"
is on the list of unacceptable attachments for this site and has been
replaced by this warning message.

Due to limitations placed on us by the Regulation of Investigatory Powers
Act 2000, we were unable to keep a copy of the original attachment.

At Thu Sep  2 13:23:57 2004 the virus scanner said:
   MailScanner: JScript Scripts are dangerous in email (xxxxxxx.js)

####################################################################

Those are the 2 reports, 1st for the winmail.dat, and 2nd for the .zip file containing the .js file.

I've looked in all my .conf files related to MailScanner , SpamAssassin and clamav, and nowere are there explicit "deny" rules set for either .zip, .js or .dat files.

Thanks for the help.
0
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 11971576
The winmail.dat rejection is due to the "Deliver  Unparsable TNEF  = no"  setting in MailScanner.conf file. Still looking for the zip one.  Have you double checked the config files? :)
0
 
LVL 17

Accepted Solution

by:
owensleftfoot earned 50 total points
ID: 11971617
The is an option for  Jscripts  in filename.rules.conf -
deny  \.jse?$ although that doesnt seem to include  .js extension on its own. Its worth a try commenting it out anyway. Dont forget to restart mailscanner after making changes.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 20

Expert Comment

by:Gns
ID: 11971859
Yep, foot is probably right about the TNEF thing, but alas not for the JScript rejection. Note that it _is_ mailscanner who's rejecting it there, so ... How about those settings for Scripts etc in MailScanner.conf... Could we see them? Oh BTW, which version of MS is it?

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
ID: 11971913
"Oh, see me being both slow and wrong":-)

-- Glenn
0
 
LVL 17

Author Comment

by:psimation
ID: 11971999
Hi Gns
No, you may be slow, but you are not necessarily wrong. The .js part is not yet confirmed to work, but the TNEF thingy was definately the solution to the winmail.dat problem. The .js is of lesser importance to me, but I will explore and report back
0
 
LVL 20

Expert Comment

by:Gns
ID: 11972019
How the _blazes_ does it match .... Ooow. Why is itimpossible to maintain a complete understanding of perlres? Probably because they're incredibly obtuse sometimes:-):-).
If you like to see it in action do:
# perl
$_="xxx.js";
/\.jse?$/ && print "Hoppla\n";
$_="xxx.jse";
/\.jse?$/ && print "Hoppla2\n";
$_="xxx.jser";
/\.jse?$/ && print "Hoppla3\n";
__END__
Hoppla
Hoppla2
#

Sigh, make me feel decrepit...

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
ID: 11972041
... And the pod reference (or man perlre, for those interrested... I'll just copy this one line):
           ?      Match 1 or 0 times
so in the "\.jse?$" we actually have the eqivalent of "\.js$|\.jse$"...

And Yes, It makes me feel slow'n'stoopid, since I should know this. By heart:-)

-- Glenn
0
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 11977654
"And Yes, It makes me feel slow'n'stoopid, since I should know this. By heart:-)"

I wouldnt worry about it mate. I should have spotted it too. But it was the only reference to jscript in the config file therefore it was worth a go commenting it out. I didnt think the re matched either :)
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In this tutorial I will explain how to make squid prevent malwares in five easy steps: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now