ConfigServer Services HelpDesk
Server Management Services from Way to The Web Ltd
ConfigServer Home Page

How do I allow through a particular kind of file attachment so it is not blocked by MailScanner?

Support Portal  »  Knowledgebase  »  Viewing Article

  Print
1. First you need to find out why the attachment was blocked. The reason will be given either in the blocked attachment message or in the MailWatch report.

If you have the blocked attachment message (often sent to the original sender of the attachment), look for the text following "Report:". There may be more than one reported reason.

If you don't have the blocked attachment message, you will need to get the message ID of the message that had the attachment stripped. You may be able to find this in /var/log/exim_mainlog by grepping for the sender or recipient email address. You might also be able to find it through MailWatch using the Report feature. Enter the message ID in the message ID field at the top of MailWatch, and then look under "Anti-Virus/Dangerous Content Protection". In the Report section it should show the reason the file attachment was blocked.

Examples:

Attempt to hide real filename extension (file.pdf.dat)
Windows Screensavers are often used to hide viruses (account-report.scr)
No programs allowed (account-report.scr)
Executable DOS/Windows programs are dangerous in email (product1.exe)
No programs allowed (product1.exe)
2. Login to SSH and search /usr/mailscanner/etc/filename.rules.conf and /usr/mailscanner/etc/filetype.rules.conf for the exact text shown in the dangerous content report. You can then edit the file to allow the type of attachment you want to allow through. Sometimes an attachment will be blocked by both the filename and filetype rules, in which case you would need to edit both files. You should also edit the corresponding archives configuration file in the same way, i.e. archives.filename.rules.conf or archives.filetype.rules.conf.

3. Restart MailScanner.

NOTE: Be careful when editing the filetype.rules.conf file as they are very general rules and you could end up allowing a lot of dangerous attachments through. You might want to change the filetype rules for only specific domains if possible, rather than all domains on the server. See this FAQ for information.

Also note that if it is a filetype check (rather than filename) that has blocked the file, but you don't think that it is correct (for example it has identified a text file as an executable), you need to look into the Linux file command and/or magic file on your server to fix this. This is not actually a MailScanner issue but an issue with the way the Linux file command has interpreted the file.

Share via

Related Articles


Self-Hosted Help Desk Software by SupportPal
© ConfigServer Services