This often happens because the file has a double file extension, such as file.com.pdf or filename.xml.doc. In MailWatch or the notification that is sent to the sender you will see this reason given:
Attempt to hide real filename extension (file.pdf.dat)
(See this article for help on how to determine why MailScanner is blocking an attachment:
https://support.configserver.com/knowledgebase/art...)You
should be aware that senders of viruses may use this to try to conceal
the actual filetype so that dangerous attachments get through a mail
filtering system.
If you want to configure MailScanner to stop blocking
any files with this issue for
all domains on the server, then do the following:
1.
Login to ssh and edit the file
/usr/mailscanner/etc/filename.rules.conf. Find the line that blocks
double file extensions. It will look something like this:
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension
2. Change the "deny" to allow", save the file, and restart MailScanner.
On the other hand, if you want to configure MailScanner to continue blocking most files with double extensions but allow certain ones, see this article:
https://support.configserver.com/knowledgebase/art...
Finally, if
you want to allow this type of attachment for only some domains on the
server but not all of them, then you will need to create a rules file as
well as create a new filename configuration file. See this article for
guidance:
https://support.configserver.com/knowledgebase/art...
