[TriLUG] MailScanner Question

Jon Carnes jonc at nc.rr.com
Tue Oct 28 02:34:08 EST 2003


On Mon, 2003-10-27 at 21:33, Stephen Hoffman wrote:
> I saw a post here a while back with someone asking about MailScanner, I
> had not heard of it at that point, but recently saw it in action and was
> blown away by it.  I have since installed and configured it, but I am at an
> impasse.  It is scanning wonderfully...I am slowly tweaking the rules, but
> the problem is I am trying to send a file that was filtered by MailScanner
> because it was a .exe.  Now getting the attachment to the user wasn't a
> problem, I just moved it to the user's home directory, but it got me
> thinking, I intend to install this on other machines where I don't
> necessarily want the users to have shell access.  I attempted to email
> offending attachment to someone...but lo and behold it was filtered...so
> my question is...how do I get attachment (html email, clean/legitimate
> files) to the people who need them?
> 
> Thanks,
> Steve

Steve,

MailScanner is an email policy enforcer.  You have chosen as a policy to
not allow executables to be sent via email (a wise policy!).  You might
want to further refine that policy and insist that all valid executables
be sent as Zipped files (*.zip).

Zipped files are not auto-executed by MS email (at least not yet!), so
this gives you a valid vector for sending executables, and maintains
your Mail Policy of no executables being sent via email.  I have this
rule in effect for most of my clients that run MailScanner.

Additionally you have chosen to Quarantine executables that are sent...
You can store these Quarantined emails in queue format (one of
MailScanner's options) and then parse through the Quarantined mails. Any
legitimate mail can simply be dragged and dropped into the
/var/spool/mqueue directory - and it will then be delivered normally.  

Note: you can also create whitelists of users (or even filenames) that
are allowed to pass through MailScanner unmolested.  I don't recommend
this - a virus-laden email can easily masquerade a person's email
address.

Note2: I have seen some add-on scripts (written by other admins) that
send a daily summary of Quarantined mail held for an end user. The
summary contains links that allow the user to browse their Quarantined
messages and then choose to dump the message or have it sent on to them.

I hope that is helpful!  Take care - Jon Carnes 
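
The release step described in the reply above, as an added example that is not part of the original post: a shell function that moves a reviewed message from quarantine into the sendmail queue directory. It assumes the quarantine directory holds sendmail-format `df<id>` (body) and `qf<id>` (control) file pairs; the function name, temporary file name and paths are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: each quarantined message is a sendmail queue pair,
# df<id> (body) and qf<id> (envelope and headers), in one directory.

release_quarantined() {
    src=$1      # directory holding the quarantined df/qf pair(s)
    queue=$2    # sendmail queue directory, e.g. /var/spool/mqueue

    [ -d "$src" ] && [ -d "$queue" ] || { echo "missing directory" >&2; return 2; }

    released=0
    for qf in "$src"/qf*; do
        [ -f "$qf" ] || continue          # glob matched nothing
        id=${qf##*/qf}                    # queue id = file name minus "qf"
        df="$src/df$id"

        # A control file without its body is an incomplete message: skip it.
        [ -f "$df" ] || { echo "skip $id: no df file" >&2; continue; }

        # Never overwrite a message that is already queued under this id.
        if [ -e "$queue/qf$id" ] || [ -e "$queue/df$id" ]; then
            echo "skip $id: already in queue" >&2
            continue
        fi

        # Body first, then the control file under a temporary name that is
        # renamed into place, so a queue run never sees a qf file whose df
        # file is missing or half written. cp -p keeps mode and timestamps
        # (and ownership when run as root).
        cp -p "$df" "$queue/df$id" || return 1
        cp -p "$qf" "$queue/release.$id.tmp" || return 1
        mv "$queue/release.$id.tmp" "$queue/qf$id" || return 1

        echo "released $id"
        released=$((released + 1))
    done

    # Succeed only if at least one complete message was released.
    [ "$released" -gt 0 ]
}
```

Call it as `release_quarantined <quarantine-message-dir> /var/spool/mqueue` after the message has been reviewed; the next queue run delivers it.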



