Hello,
I have a freebsd 4.7 email server with qmail, courier-imap, squirrelmail, clamav,
spam assassin, qmail-scanner, etc. Anyway, everything works great except zip
attactments with .exe are being blocked. Here is a snip of of
quarantine-attachments.txt file:
[snip]
.exe 0 Executable attachment too large
#
# That would ban .EXE files from your site (but would
# still allow .zip files...
#
# .mp3 0 MP3 attachments disallowed
#
# ...would stop any Email containing MP3 attachments passing.
#
# NOTE 4: No you can't use this to ban any file (i.e. *.*) that's over
# a certain size - you should
# "echo 10000000 > /var/qmail/control/databytes"
# to set the maximum SMTP message size to 10Mb.
#
# NOTE 5: The second option allows you to match on header. This would allow
# you to block Email viruses when you don't know anything else other than
# there's a wierd Subject line (or From line, or X-Spanska: header, ...).
# Note that it's a case-sensitive, REGEX string, and the system will
# automatically surround it with ^ and $ before matching. i.e. if you
# want wildcards, explicitly put them in...
#
# The string _must_be_ "Virus-" followed by the header you wish to match
# on - followed by a colon (:).
#
# e.g.
#
# Pickles.*Breakfast Virus-Subject: Fake Example Pickles virus
#
# will match "Subject: Pickles for Breakfast" - and
# not "Subject: Pickles - where did you go?"
#
#
# NOTE 6: Similar to the headers option, you can match on the mail ENVELOPE
# headers - i.e. "MAIL FROM:" and "RCPT TO:". These are identical to
# Virus-<header>, except that the header names are MAILFROM and RCPTTO only.
#
# e.g.
#
# [EMAIL PROTECTED] Virus-MAILFROM: Bad mail envelope not allowed here!
#
# NOTE 7: Another "faked" header - "Virus-TCPREMOTEIP" can be used to match
# actions against the IP address of the SMTP client.
#
EICAR.COM 69 EICAR Test Virus
Happy99.exe 10000 Happy99 Trojan
zipped_files.exe 120495 W32/ExploreZip.worm.pak virus
ILOVEYOU Virus-Subject: Love Letter Virus/Trojan
message/partial Virus-Content-Type: Message/partial MIME
attachments blocked by policy
#The following matches Date: headers that are over 100 chars in length
#these are impossible in the wild
.{100,} Virus-Date: MIME Header Buffer Overflow
.{100,} Virus-Mime-Version: MIME Header Buffer Overflow
.{100,} Virus-Resent-Date: MIME Header Buffer Overflow
#
#Let's stop that nasty BadTrans virus from uploading your keystrokes...
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
Virus-To: BadTrans
Trojan exploit!
#
# These are examples of prudent defaults to set for most sites.
# Commented out by default
.vbs 0 VBS files not allowed per Company security policy
.lnk 0 LNK files not allowed per Company security policy
.scr 0 SCR files not allowed per Company security policy
.wsh 0 WSH files not allowed per Company security policy
.hta 0 HTA files not allowed per Company security policy
.pif 0 PIF files not allowed per Company security policy
[snip]
And here is the blocked message I receive:
[message]
A Disallowed attachment type was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching its destination.
The Disallowed attachment type was reported to be:
Executable attachment too large
...
---perlscanner results ---
Disallowed attachment type 'Executable attachment too large' found in file
/var/spool/qmailscan/redhat.vipersystems.biz106285886642662617/25k9240.exe
[message]
I thought the 0 meant the message could be any size and this file was only like
460KB and it was in a zip file.
Any help would be appreciated.
--
Jason
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
