To start off with, we are running the following:
Whitebox Linux 3.0ES
Latest Open Protect (Great product!)
ClamAV up to date
That being said, I'm having a problem where legitimate attachments are being refused because of their name. Here's what the log showed:
These attachments are only quasi-legit
Apr 12 15:34:22 pop MailScanner[1235]: New Batch: Scanning 1 messages, 114267 bytes
Apr 12 15:34:23 pop MailScanner[1235]: MCP Checks: Starting
Apr 12 15:34:24 pop MailScanner[1235]: Spam Checks: Starting
Apr 12 15:34:32 pop MailScanner[1235]: Virus and Content Scanning: Starting
Apr 12 15:34:34 pop MailScanner[1235]: Filename Checks: Found possible filename hiding (_test.LTR.pdf)
A file name beginning with an underbar is not the sort of thing I'd trust. It will also do strange things if it was created on a Windows
machine and sent to an OSX machine.
Special characters in file names are bogus, especially if used to start the file name.
Further, additional punctuation is bogus.
On many Windows systems this file may not display at all or if it does, it would display as _test.LTR
rather than _test.LTR.pdf
In the case of "evilprogram.exe",
naming it "benign-attachment.pdf.exe"
would show on some Windows computers as "benign-attachment.pdf"
and of course, when launched, ...
You can rename said file in the quarantine, and then forward it along,
but lart the sender to use proper file names.
Apr 12 15:34:34 pop MailScanner[1235]: Filename Checks: Found possible filename hiding (test1-AB.AGR.doc)
Apr 12 15:34:35 pop MailScanner[1235]: Filename Checks: Found possible filename hiding (test2.AGR.doc)
Apr 12 15:34:35 pop MailScanner[1235]: Other Checks: Found 3 problems
Apr 12 15:34:35 pop MailScanner[1235]: Cleaned: Delivered 1 cleaned messages
As you can see above, it's the "NAME" of the file that's the problem, not the actual file. The above files are perfectly fine and virus free. However, the server is refusing to deliver. I even added .doc and .pdf to the filename.rules.conf file and white-listed the sender... still, the files come through as attached warnings text files only.
HELP!!!!
Thanks.
Scott
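As an added example (not part of the original thread and not MailScanner's own code), here is a first-match filename rule evaluator run over the attachment names from the log above. It shows why an allow rule for .pdf/.doc only takes effect when it is evaluated before the double-extension deny rule, and that a name like "benign-attachment.pdf.exe" is still refused. The rule patterns, rule order and first-match model are assumptions constructed for illustration.

```python
import re

# Constructed pattern resembling a "double extension" check:
# a 3-4 character extension followed by a final 3 character extension.
DOUBLE_EXT = r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"

# Assumed layout 1: allow rules appended after the deny rule.
RULES_ALLOW_LAST = [
    ("deny", DOUBLE_EXT, "Found possible filename hiding"),
    ("allow", r"\.(pdf|doc)$", "document types explicitly allowed"),
]

# Assumed layout 2: allow rules placed ahead of the deny rule.
RULES_ALLOW_FIRST = [
    ("allow", r"\.(pdf|doc)$", "document types explicitly allowed"),
    ("deny", DOUBLE_EXT, "Found possible filename hiding"),
]

# Names taken from the log and the reply in the thread above.
SAMPLE_NAMES = [
    "_test.LTR.pdf",
    "test1-AB.AGR.doc",
    "test2.AGR.doc",
    "benign-attachment.pdf.exe",
]


def check(filename, rules):
    """Return (action, report) of the first rule whose regex matches."""
    for action, pattern, report in rules:
        if re.search(pattern, filename, re.IGNORECASE):
            return action, report
    return "allow", "no rule matched"


def audit(names, rules):
    """Map each filename to the action chosen by the rule set."""
    return {name: check(name, rules)[0] for name in names}


if __name__ == "__main__":
    for label, rules in (("allow last", RULES_ALLOW_LAST),
                         ("allow first", RULES_ALLOW_FIRST)):
        print(label)
        for name, action in audit(SAMPLE_NAMES, rules).items():
            print(f"  {action:5} {name}")
```

With the allow rules evaluated first, the three documents pass while the final `.exe` extension is still caught by the deny rule.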
