rules no longer working

Discuss the ConfigServer MailScanner Front-End script
keat63
Junior Member
Posts: 116
Joined: 17 Dec 2014, 14:50

rules no longer working

Post by keat63 »

I've added a few file extensions to /usr/mailscanner/etc/filename.rules.conf
deny \.xls$
deny \.zip$

I've forced a rules update, I've stopped and restarted MailScanner, but these files are still allowed to pass.
I've copied rules from lines above and just modified the .xxx extension, but again, can't get this rule to work.

Any ideas, please?
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Re: rules no longer working

Post by Sarah »

Are you sure these files are being blocked because of their file name and not because of the file type? What is the message you are seeing in MailControl?

Have you ensured that you used [tab] characters between fields in the filename.rules.conf file and not spaces?

Post by keat63 »

I've been trying all sorts this morning, and only just found that there may have been a space where there should have been a tab.
Considering I copied and modified a rule above, I can only think that one of the rules above has the error and I copied it.

Post by Sarah »

Is it working now?

Post by keat63 »

I thought it was but still have a bit of an issue.

I'm denying xls files for the time being due to a virus attack.
But I want to allow xlsx.
However, xlsx files are also being blocked.

Should the allow xlsx rule maybe be placed before the deny xls one?

Post by Sarah »

What exactly is the MailScanner report for the blocked xlsx files and the blocked xls files?

Post by keat63 »

Infection MailScanner: (file_name.xls)
But if I scan the attachment, the file is actually an xlsx file.
It looks like the deny .xls rule picked up on the file extension containing xls, but my allow xlsx rule didn't.

Post by Sarah »

That isn't the complete report. But it sounds like it may be detecting the filetype rather than the filename, so you need to check that and possibly modify the filetype.rules.conf and/or archives.filetype.rules.conf as well. There is a knowledgebase article that should help you identify what is actually happening:
https://support.configserver.com/en/kno ... ailscanner

Post by keat63 »

Quite clearly it isn't working, as a zip file got through today.
All the while I thought this rule was working, and it may just be that the virus was detected so ClamAV blocked them, not MailScanner.
How would I go about blocking file types?

Post by Sarah »

You'd need to find out how the file command on your server classifies the type of file, and add it to the filetype.rules.conf and archives.filetype.rules.conf files in the correct format. Check those files for more information. As far as I know, you would need to run the "file" command against the file you want to block, and put the output from that as the filetype in the second field for your deny line in filetype.rules.conf and archives.filetype.rules.conf. From our knowledgebase article:
Also note that if it is a filetype check (rather than filename) that has blocked the file, but you don't think that it is correct (for example it has identified a text file as an executable), you need to look into the Linux file command and/or magic file on your server to fix this. This is not actually a MailScanner issue but an issue with the way the Linux file command has interpreted the file.
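
Added example, not part of the original thread and not ConfigServer or MailScanner code: a small Python checker for the two filename.rules.conf problems discussed above, spaces where TABs belong and the allow/deny ordering question. It assumes four fields per rule (action, regex, log text, user report text), runs of TABs counting as one separator, case-insensitive matching, and that the first matching rule decides; the sample rules are constructed.

```python
import re

# Constructed sample of a filename.rules.conf; line 3 uses spaces instead of TABs.
SAMPLE = (
    "# action<TAB>regex<TAB>log text<TAB>user report text\n"
    "allow\t\\.xlsx$\t-\t-\n"
    "deny \\.xls$ Blocked xls Blocked xls\n"
    "deny\t\\.xls$\tBlocked xls\tNo xls files please\n"
    "deny\t\\.zip$\tBlocked zip\tNo zip files please\n"
)

def parse_rules(text):
    """Return (rules, problems); rules are (lineno, action, compiled_regex)."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # Assumption: a run of TABs is a single field separator.
        fields = re.split(r"\t+", line)
        if len(fields) != 4:
            hint = "spaces instead of TABs?" if "\t" not in line else "wrong field count"
            problems.append((lineno, f"expected 4 fields, got {len(fields)} ({hint})"))
            continue
        action, pattern = fields[0], fields[1]
        if action != action.strip() or pattern != pattern.strip():
            problems.append((lineno, "stray space next to a TAB"))
            continue
        try:
            # Assumption: filename matching is case-insensitive.
            rules.append((lineno, action, re.compile(pattern, re.IGNORECASE)))
        except re.error as exc:
            problems.append((lineno, f"bad regex: {exc}"))
    return rules, problems

def first_match(rules, filename):
    """Assumption: rules are tried top to bottom and the first match decides."""
    for lineno, action, regex in rules:
        if regex.search(filename):
            return lineno, action
    return None

if __name__ == "__main__":
    rules, problems = parse_rules(SAMPLE)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    for name in ("budget.xls", "budget.xlsx", "files.zip", "notes.txt"):
        print(name, "->", first_match(rules, name))
```

Under these assumptions a correctly anchored `\.xls$` rule does not match a name ending in .xlsx, so an .xlsx attachment that is still blocked points at a check other than the filename rule.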