1. First you need to find out why the attachment was blocked. The
reason will be given either in the blocked attachment message or in the
If you have the blocked attachment message (often sent to the
original sender of the attachment), look for the text following
"Report:". There may be more than one reported reason.
If you don't have the blocked attachment message, you will need to
get the message ID of the message that had the attachment stripped. You
may be able to find this in /var/log/exim_mainlog by grepping for the
sender or recipient email address. You might also be able to find it
through MailWatch using the Report feature. Enter the message ID in the
message ID field at the top of MailWatch, and then look under
"Anti-Virus/Dangerous Content Protection". In the Report section it
should show the reason the file attachment was blocked.
Attempt to hide real filename extension (file.pdf.dat)
Windows Screensavers are often used to hide viruses (account-report.scr)
No programs allowed (account-report.scr)
Executable DOS/Windows programs are dangerous in email (product1.exe)
No programs allowed (product1.exe)
2. Login to SSH and search /usr/mailscanner/etc/filename.rules.conf
and /usr/mailscanner/etc/filetype.rules.conf for the exact text shown in
the dangerous content report. You can then edit the file to allow the
type of attachment you want to allow through. Sometimes an attachment
will be blocked by both the filename and filetype rules, in which case
you would need to edit both files. You should also edit the
corresponding archives configuration file in the same way, i.e.
archives.filename.rules.conf or archives.filetype.rules.conf.
3. Restart MailScanner.
NOTE: Be careful when editing the filetype.rules.conf file as they
are very general rules and you could end up allowing a lot of dangerous
attachments through. You might want to change the filetype rules for
only specific domains if possible, rather than all domains on the
server. See this FAQ
Also note that if it is a filetype check (rather than filename) that
has blocked the file, but you don't think that it is correct (for
example it has identified a text file as an executable), you need to
look into the Linux file command and/or magic file on your server to fix
this. This is not actually a MailScanner issue but an issue with the
way the Linux file command has interpreted the file.