Solved

Why the attachment being blocked?

Posted on 2011-03-03

Linux

1 solution

970 Views

Last Modified: 2012-05-11

This is using MailScanner on CentOs. There is an external party tried to send us, and in return, mail being bounced back with the error messages as follows:

This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "%112233aaccbb.htm"
is on the list of unacceptable attachments for this site and has been
replaced by this warning message.

If you wish to receive a copy of the original attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Thu Mar 3 22:56:39 2011 the virus scanner said:
MailScanner: Filename trying to hide its real type (%aabbcc1122.htm)

Note to Help Desk: Look on the abc networks (smtp.abc.com) MailScanner in /var/spool/MailScanner/quarantine/20110303 (message p23EuYdx006926).
--
Postmaster
abc networks

What's wrong with the attachment? How to solve the problem?

Comment

Question by:Balack

[X]

Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

Help others & share knowledge
Earn cash & points
Learn & ask questions

Join The Community

7 Comments

LVL 16

Expert Comment

by:santoshmotwani

ID: 350330022011-03-03

can you please paste output of

/etc/MailScanner/filename.rules.conf
/etc/MailScanner/filename.allow.all.conf

Author Comment

by:Balack

ID: 350336242011-03-03

Hi santoshmotwani,

Filename.allow.all.conf:

# This ruleset will allow all attached files to pass
allow .* - -

For filename.rules.conf, see the attached

filename.rules.conf.txt

LVL 12

Accepted Solution

by:mccracky

mccracky earned 500 total points

ID: 350370042011-03-04

At a quick glance it seems that it is hitting the CLSID rule:

# Deny filenames containing CLSID's
deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type. Files containing CLSID's are trying to hide their real type

Examples:
A977FF0C-8757-4E76-8533-482F91946233
000209FF-0000-0000-C000-000000000046

Can the file be renamed and sent?

Author Comment

by:Balack

ID: 350382772011-03-04

yes, it can.

Author Comment

by:Balack

ID: 350382832011-03-04

It is normally *.htm file.

LVL 12

Expert Comment

by:mccracky

ID: 350394712011-03-04

I don't think it's the .htm part, but the first part that is just 112233aabbcc, but not sure.

Author Closing Comment

by:Balack

ID: 350781752011-03-08

good

Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How websites can be redirected?

Article by: torakeshb

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…

Linux

Installing SQL Server vNext on Linux: Part 1 (Prerequisites)

Article by: Yashwant

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.

Linux/ Unix Bash Shell: Getting Help

Video by: Dototot

Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…