MailScanner Archive

  #1  
17-05-2010 05:30 PM
 

Hello,
This appears to be a new problem for me.
I am seeing emails with .docx files attached tagged as a bad filename with this message.

Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
Report: MailScanner: No programs allowed (font10.odttf)
Report: MailScanner: No programs allowed (font10.odttf)

I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.

I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.

The .odttf files live a few dirs down
file.docx-->word-->fonts-->fontx.odttf

Thank you,
Brett



--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

  #2  
18-05-2010 12:18 PM
 

The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> Report: MailScanner: No programs allowed (font10.odttf)
> Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
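
To see what `file` and `file -i` report for every member of a blocked .docx, as the reply above suggests, the following added example (not part of the original thread and not MailScanner code) unpacks the archive into a scratch directory and lists both outputs per member. It assumes the `executable` pattern of the deny rule is matched against plain `file` output; `scan_docx` and `file_reports` are hypothetical helper names.

```python
#!/usr/bin/env python3
"""Show what file(1) and `file -i` report for each member of a .docx."""
import re
import subprocess
import sys
import tempfile
import zipfile
from pathlib import Path

# Assumption: the "executable" pattern of the deny rule quoted in the thread
# is a regex matched against plain file(1) output, not against the MIME type.
DENY_PATTERN = re.compile(r"executable")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # skip oversized members (zip-bomb guard)


def file_reports(path):
    """Return (description, mime) from `file -b` and `file -b -i`."""
    def run(*flags):
        proc = subprocess.run(["file", "-b", *flags, str(path)],
                              capture_output=True, text=True, check=True)
        return proc.stdout.strip()
    return run(), run("-i")


def scan_docx(docx_path, describe=file_reports, pattern=DENY_PATTERN):
    """Unpack a .docx (a zip archive) and describe every member.

    Returns a list of (member_name, description, mime, matches_deny_pattern).
    `describe` can be replaced so the function works without file(1).
    """
    rows = []
    with tempfile.TemporaryDirectory() as tmp, zipfile.ZipFile(docx_path) as zf:
        root = Path(tmp).resolve()
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = (root / info.filename).resolve()
            # Never write outside the scratch directory, never inflate huge members.
            if root not in target.parents or info.file_size > MAX_MEMBER_BYTES:
                rows.append((info.filename,
                             "skipped (unsafe path or too large)", "", False))
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            description, mime = describe(target)
            rows.append((info.filename, description, mime,
                         bool(pattern.search(description))))
    return rows


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} file.docx")
    for name, description, mime, hit in scan_docx(sys.argv[1]):
        flag = "DENY?" if hit else "ok"
        print(f"{flag:5}  {name}\n"
              f"       file:    {description}\n"
              f"       file -i: {mime}")
```

Members flagged `DENY?` are the ones whose plain `file` description contains the deny pattern; the `file -i` line beside each is the MIME type an allow rule would have to name.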


  #3  
18-05-2010 09:02 PM
 

> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett


  #4  
18-05-2010 10:29 PM
 

> well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems





  #5  
18-05-2010 10:30 PM
 

ignore my last email




  #6  
21-05-2010 10:30 AM
On 19/05/2010 06:56, John Wil**** wrote:
> Le 18/05/2010 13:18, Julian Field a écrit :
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules
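
An added example, not part of the thread and not MailScanner code: a Python helper that unpacks a .docx (a zip archive) and records what `file` and `file -i` report for every member, flagging those whose `file` description matches the `executable` pattern from the deny line quoted earlier in the thread. The function names, the size cap, the case-insensitive match and the sample archive are assumptions of this example.

```python
"""Added example: list what file(1) reports for each member of a .docx."""
import re
import subprocess
import tempfile
import zipfile
from pathlib import Path

MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumption: skip anything larger when triaging


def run_file(path, mime=False):
    """Return the output of `file -b` (or `file -b -i` when mime=True) for path."""
    cmd = ["file", "-b"] + (["-i"] if mime else []) + [str(path)]
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return result.stdout.strip()


def inspect_archive(archive, pattern="executable", describe=run_file):
    """Describe every member of a zip-based document.

    pattern is the regular expression taken from the deny line quoted in the
    thread; matching it case-insensitively is an assumption of this example.
    describe is injectable so the function can be exercised without file(1).
    """
    rx = re.compile(pattern, re.IGNORECASE)
    rows = []
    with tempfile.TemporaryDirectory() as tmp, zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                rows.append({"member": info.filename,
                             "description": "skipped: too large",
                             "mime": None, "flagged": False})
                continue
            # ZipFile.extract() strips absolute paths and ".." components,
            # so members cannot be written outside the temporary directory.
            extracted = Path(zf.extract(info, tmp))
            description = describe(extracted)
            # `file -i` may append "; charset=..." after the MIME type.
            mime = describe(extracted, mime=True).split(";")[0].strip()
            rows.append({"member": info.filename, "description": description,
                         "mime": mime, "flagged": bool(rx.search(description))})
    return rows


def build_sample_docx(path):
    """Write a constructed, minimal docx-like zip laid out as in the thread."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        # Constructed bytes standing in for an embedded font file.
        zf.writestr("word/fonts/font10.odttf", bytes(range(256)) * 4)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        sample = build_sample_docx(Path(workdir) / "sample.docx")
        try:
            for row in inspect_archive(sample):
                mark = "FLAGGED" if row["flagged"] else "ok"
                print(f'{mark:8}{row["member"]}: {row["description"]} [{row["mime"]}]')
        except FileNotFoundError:
            print("file(1) is not installed on this host")
```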


  #7  
21-05-2010 11:43 AM
What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
>
>
> John.
>

Jules


  #8  
21-05-2010 12:34 PM
MailScanner member admin is online now
User
 

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

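Added example, not part of any post in this thread and not MailScanner code: a small model of the POSIX read check behind the group-membership question above, run against the settings John quoted. The passwd/group entries and their uids/gids are constructed, and it is an assumption that clamd runs as a `clamav` account and that work files are owned by the Run As User with the Incoming Work Group and Incoming Work Permissions.

```python
# Added example: who can read a MailScanner incoming work file?
# All account data below is constructed for illustration.

PASSWD = """\
postfix:x:207:207::/var/spool/postfix:/sbin/nologin
apache:x:81:81::/var/www:/sbin/nologin
clamav:x:130:130::/dev/null:/sbin/nologin
"""

GROUP = """\
postfix:x:207:
apache:x:81:
clamav:x:130:
"""


def parse_passwd(text):
    """Return {user: (uid, primary_gid)} from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid = line.split(":")[:4]
        users[name] = (int(uid), int(gid))
    return users


def parse_group(text):
    """Return {group: (gid, {members})} from group(5)-format text."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")[:4]
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def gids_of(user, passwd, groups):
    """Primary gid plus every gid whose member list names the user."""
    gids = {passwd[user][1]}
    gids.update(gid for gid, members in groups.values() if user in members)
    return gids


def can_read(user, owner, group, mode, passwd, groups):
    """POSIX read check: exactly one class (owner, group, other) applies."""
    uid = passwd[user][0]
    if uid == 0:
        return True
    if uid == passwd[owner][0]:
        # The owner class wins even when the group bits are more permissive.
        return bool(mode & 0o400)
    if groups[group][0] in gids_of(user, passwd, groups):
        return bool(mode & 0o040)
    return bool(mode & 0o004)


def thread_scenario(group_text=GROUP):
    """Evaluate read access for the settings quoted in the thread."""
    passwd, groups = parse_passwd(PASSWD), parse_group(group_text)
    owner = "postfix"   # Run As User; Incoming Work User is blank (assumed owner)
    group = "clamav"    # Incoming Work Group
    mode = 0o640        # Incoming Work Permissions
    return {u: can_read(u, owner, group, mode, passwd, groups)
            for u in ("postfix", "clamav", "apache")}


if __name__ == "__main__":
    # As configured: only the owner and members of clamav can read.
    print(thread_scenario())
    # Same settings after adding apache to the clamav group.
    print(thread_scenario(GROUP.replace("clamav:x:130:", "clamav:x:130:apache")))
```

On a live host, `id <user>` and `ls -l` on the work directory supply the same inputs; directory search (x) bits along the path and ACLs are not modelled here.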

  #9  
22-05-2010 10:06 PM
MailScanner member admin is online now
User
 

ignore my last email



-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

)
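The two points this exchange turns on, tab-separated fields and the "allow" line sitting above the "No programs allowed" line, can be checked mechanically. The script below is an added example, not code from the thread or from MailScanner: it assumes the four-field layout of the deny line and the five-field layout of Brett's allow line, its function names are hypothetical, and its sample files are constructed.

```shell
#!/bin/sh
# Added example: lint for a MailScanner filetype rules file.
# Assumed layout (taken from the thread): fields are TAB-separated,
#   action  file-regex  [mime-type]  log-text  report-text
# so a rule has 4 fields, or 5 when the optional MIME type is present.
# All function names here are hypothetical, not part of MailScanner.

# Report every rule line that does not split into 4 or 5 TAB-separated
# fields (the usual sign that an editor wrote spaces instead of tabs).
# Exit status is 1 if any such line was found.
check_fields() {
    awk -F '\t' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF != 4 && NF != 5 {
            printf "%d: %d tab-separated field(s), expected 4 or 5\n", NR, NF
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Succeed only if an "allow" rule carrying MIME type $2 appears above the
# first "deny" rule whose report text (last field) is $3.
allow_precedes_deny() {
    awk -F '\t' -v mime="$2" -v report="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF == 5 && $1 == "allow" && $3 == mime && !allow { allow = NR }
        $1 ~ /^deny/ && $NF == report && !deny { deny = NR }
        END { exit !(allow && deny && allow < deny) }
    ' "$1"
}

# Write three constructed rule files into directory $1.
write_samples() {
    allow='allow\t-\tapplication/octet-stream\t-\t-\n'
    deny='deny\texecutable\tNo executables\tNo programs allowed\n'
    {   printf '# constructed: tabs, allow above deny\n'
        printf '%b' "$allow" "$deny"
    } > "$1/good.conf"
    {   printf '# constructed: allow line typed with spaces\n'
        printf 'allow - application/octet-stream - -\n'
        printf '%b' "$deny"
    } > "$1/spaces.conf"
    {   printf '# constructed: tabs, but allow below deny\n'
        printf '%b' "$deny" "$allow"
    } > "$1/order.conf"
}

# Stand-alone demo on the constructed files.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in good spaces order; do
    f="$demo_dir/$name.conf"
    check_fields "$f" || echo "$name.conf: field separators need fixing"
    if allow_precedes_deny "$f" application/octet-stream "No programs allowed"; then
        echo "$name.conf: allow rule is above the deny rule"
    else
        echo "$name.conf: no usable allow rule above the deny rule"
    fi
done
rm -rf "$demo_dir"
```

Passing both checks only rules out a formatting or ordering mistake; it does not show which rule MailScanner actually matched for a given attachment.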
On 19/05/2010 06:56, John Wil**** wrote:
> On 18/05/2010 13:18, Julian Field wrote:
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

)
What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::ParseXS
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

)
On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

)
I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

)

  #10  
22-05-2010 10:07 PM
MailScanner member admin is online now
User
 

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::ParseXS
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

  #11  
27-05-2010 07:59 PM
MailScanner member admin is online now
User
 

The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




ignore my last email



On 19/05/2010 06:56, John Wil**** wrote:
> On 18/05/2010 13:18, Julian Field wrote:
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions, so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29
/var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua
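Added example, not part of the original thread and not MailScanner's own code: a Python check over the `find -ls` lines quoted in the post above that converts each symbolic mode to octal and lists the files that differ from the configured Incoming Work Permissions of 0640. The function names are hypothetical, it assumes clamd reads the work files through the clamav group, and it also reports each mismatched mode as a decimal number, since 1130 octal is 600 decimal; the thread does not establish whether that is the cause.

```python
import re

# Constructed sample: `find -ls` lines quoted in the post above, with each
# wrapped path re-joined onto its own line.
SAMPLE_LISTING = """\
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
"""

# Symbol in the execute position -> (execute bit set?, special bit set?)
_EXEC_SYMBOLS = {"-": (False, False), "x": (True, False),
                 "s": (True, True), "S": (False, True),
                 "t": (True, True), "T": (False, True)}
_SPECIAL_BITS = (0o4000, 0o2000, 0o1000)  # setuid, setgid, sticky
_MODE_RE = re.compile(r"[-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]")


def symbolic_to_octal(mode_str):
    """Convert an ls-style mode such as '---x-wx--T' to its numeric value."""
    if not _MODE_RE.fullmatch(mode_str):
        raise ValueError("not an ls-style mode: %r" % mode_str)
    perms, mode = mode_str[1:], 0
    for triad in range(3):                      # 0=owner, 1=group, 2=other
        r, w, x = perms[3 * triad: 3 * triad + 3]
        shift = 6 - 3 * triad
        if r == "r":
            mode |= 0o4 << shift
        if w == "w":
            mode |= 0o2 << shift
        executable, special = _EXEC_SYMBOLS[x]
        if executable:
            mode |= 0o1 << shift
        if special:
            mode |= _SPECIAL_BITS[triad]
    return mode


def parse_find_ls(line):
    """Return (mode, owner, group, path) from one `find -ls` line, or None."""
    # Fields: inode, blocks, mode, links, owner, group, size, month, day, time, path
    fields = line.strip().split(None, 10)
    if len(fields) < 11:
        return None
    try:
        # Only the first 10 characters are the mode; some systems append + or .
        mode = symbolic_to_octal(fields[2][:10])
    except ValueError:
        return None
    return mode, fields[4], fields[5], fields[10]


def audit(lines, expected=0o640):
    """List files whose mode differs from the configured work permissions."""
    findings = []
    for line in lines:
        parsed = parse_find_ls(line)
        if parsed is None or parsed[0] == expected:
            continue
        mode, owner, group, path = parsed
        findings.append({
            "path": path,
            "owner": owner,
            "group": group,
            "mode": "%04o" % mode,
            "owner_read": bool(mode & 0o400),
            "owner_write": bool(mode & 0o200),
            # Assumption: clamd gets read access through the work group.
            "group_read": bool(mode & 0o040),
            # The same number written in decimal (0o1130 is 600).
            "decimal_value": mode,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTING.splitlines()):
        print(finding)
```

To run it against a live system, feed it the lines of `find /var/spool/MailScanner/incoming -ls` instead of the constructed sample.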

  #12  
27-05-2010 09:17 PM
MailScanner member admin is online now
User
 

Hello,
This appears to be a new problem for me.
I am seeing emails with .docx files attached tagged as a bad filename with this message.

Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
Report: MailScanner: No programs allowed (font10.odttf)
Report: MailScanner: No programs allowed (font10.odttf)

I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.

I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.

The .odttf files live a few dirs down
file.docx-->word-->fonts-->fontx.odttf

Thank you,
Brett



--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> Report: MailScanner: No programs allowed (font10.odttf)
> Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as a bad filename with this message.
> >
> > Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> > Report: MailScanner: No programs allowed (font10.odttf)
> > Report: MailScanner: No programs allowed (font10.odttf)
> >
> > I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
> >
> > I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
>
> Jules
>



> well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




ignore my last email



On 19/05/2010 06:56, John Wil**** wrote:
> Le 18/05/2010 13:18, Julian Field a écrit :
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::Par****S
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

On 21/05/2010 12:04, John Wil**** wrote:
> Le 21/05/2010 12:43, Julian Field a écrit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

On 21/05/2010 12:04, John Wil**** wrote:
> Le 21/05/2010 12:43, Julian Field a écrit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.
>

Jules

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions, so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg

Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua

Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26 mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%



# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca, /var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)


Cheers,
-Joshua
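
The permission mismatch reported in the two posts above, as an added example that is not part of the original thread and not MailScanner's own code: it decodes the mode column of `find -ls` output into octal and lists every file whose mode differs from the configured `Incoming Work Permissions = 0640`, showing whether the owner (postfix) or the group (clamav) can still read it. The sample lines are constructed from the listings quoted in the posts, the function names are hypothetical, and the "decimal hint" is only an arithmetic observation (octal 1130 equals decimal 600); the thread does not establish the cause.

```python
import stat
from typing import List, NamedTuple, Optional

# "Incoming Work Permissions = 0640" as quoted in the thread.
EXPECTED_MODE = 0o640

# Constructed sample: lines taken from the `find -ls` output quoted in the
# posts, with the wrapped paths rejoined.
FIND_LS_SAMPLE = """\
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg
"""

_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
         stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
         stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Execute positions can also carry setuid, setgid or sticky: a lower-case
# letter means "special bit and execute", upper-case means "special bit only".
_SPECIAL = {2: (stat.S_ISUID, "s"), 5: (stat.S_ISGID, "s"), 8: (stat.S_ISVTX, "t")}


def symbolic_to_mode(sym: str) -> int:
    """Convert an ls-style string such as '---x-wx--T' to its numeric mode."""
    if len(sym) != 10:
        raise ValueError(f"expected 10 characters, got {sym!r}")
    mode = 0
    for i, ch in enumerate(sym[1:]):  # sym[0] is the file type
        if ch == "-":
            continue
        special = _SPECIAL.get(i)
        if special and ch.lower() == special[1]:
            mode |= special[0]
            if ch.islower():
                mode |= _BITS[i]
        elif ch == "rwx"[i % 3]:
            mode |= _BITS[i]
        else:
            raise ValueError(f"unexpected {ch!r} at position {i + 1} in {sym!r}")
    return mode


def decimal_hint(mode: int) -> Optional[str]:
    """Heuristic, an assumption of this example: if the mode's decimal value
    looks like an octal permission string (octal 1130 is decimal 600), return
    that string so the operator can check for a decimal/octal mix-up."""
    text = str(mode)
    if len(text) in (3, 4) and set(text) <= set("01234567"):
        return text
    return None


class Finding(NamedTuple):
    path: str
    mode: int
    owner_readable: bool
    group_readable: bool
    decimal_hint: Optional[str]


def audit(listing: str, expected: int = EXPECTED_MODE) -> List[Finding]:
    """Return one Finding per file whose mode differs from the expected one."""
    findings = []
    for line in listing.splitlines():
        # inode blocks mode links user group size month day time-or-year path
        fields = line.split(None, 10)
        if len(fields) < 11:
            continue
        mode = symbolic_to_mode(fields[2])
        if mode == expected:
            continue
        findings.append(Finding(
            path=fields[10],
            mode=mode,
            owner_readable=bool(mode & stat.S_IRUSR),
            group_readable=bool(mode & stat.S_IRGRP),
            decimal_hint=decimal_hint(mode),
        ))
    return findings


if __name__ == "__main__":
    for f in audit(FIND_LS_SAMPLE):
        print(f"{f.path}: mode {f.mode:04o}, expected {EXPECTED_MODE:04o}, "
              f"owner read={f.owner_readable}, group read={f.group_readable}, "
              f"decimal hint={f.decimal_hint}")
```
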

  #13  
27-05-2010 09:34 PM
MailScanner member admin is online now
User
 

Hello,
This appears to be a new problem for me.
I am seeing emails with .docx files attached tagged as a bad filename with this message.

Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
Report: MailScanner: No programs allowed (font10.odttf)
Report: MailScanner: No programs allowed (font10.odttf)

I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.

I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.

The .odttf files live a few dirs down
file.docx-->word-->fonts-->fontx.odttf

Thank you,
Brett



--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> Report: MailScanner: No programs allowed (font10.odttf)
> Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) > The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> >
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> >
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
> >
> >
> >   
>
> Jules
>
> -- Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from
> your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
> B654
> Follow me at twitter.com/JulesFM and
> twitter.com/MailScanner
>
>
> -- This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- MailScanner mailing list
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the
> website!



--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) > well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




> The "No programs allowed" error occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to allow them.
> Basically you're probably going to have to comment out the "No programs
> allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the optional extra
> field in each line, read the docs at the top of the file), and find out
> what a "file -i" reports for one of those odttf files, and allow that
> instead. That way you can keep the "No programs allowed" line as well,
> just put your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

ignore my last email



On 19/05/2010 06:56, John Wil**** wrote:
> Le 18/05/2010 13:18, Julian Field a écrit :
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::ParseXS
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

On 21/05/2010 12:04, John Wil**** wrote:
> Le 21/05/2010 12:43, Julian Field a écrit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

On 21/05/2010 12:04, John Wil**** wrote:
> Le 21/05/2010 12:43, Julian Field a écrit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>

Jules

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions, so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua

Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26 mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%


# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca, /var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)


Cheers,
-Joshua

Also... your "No programs allowed" error is a by-product of the
permissions problem:

$ file ms.zip
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip
$ ls -l ms.zip
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua
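
Added example (not from any post in this thread and not MailScanner code): Python that reads the Unix mode a zip member carries, as in the `zipinfo` line above, and decodes a work-file mode such as 1130 to show which of owner and group lose read access. Function names and the sample archive are constructed for illustration; 0640 is the Incoming Work Permissions value quoted in the thread.

```python
import io
import os
import stat
import zipfile

WORK_PERMS = 0o640  # "Incoming Work Permissions = 0640" as quoted in the thread


def build_sample_zip(create_system, mode=None):
    """Constructed one-member archive, marked as made on Unix (3) or FAT/Windows (0)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        member = zipfile.ZipInfo("mailscanner_logo.jpg")
        member.create_system = create_system
        if mode is not None:
            # Unix zip tools keep st_mode in the top 16 bits of external_attr.
            member.external_attr = (stat.S_IFREG | mode) << 16
        zf.writestr(member, b"constructed placeholder bytes, not a real JPEG")
    return buf.getvalue()


def stored_modes(zip_bytes):
    """Map member name -> (host tag, permission bits or None), like the zipinfo columns."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.infolist():
            if member.create_system == 3:  # 3 = Unix in the ZIP format
                mode = stat.S_IMODE(member.external_attr >> 16)
                result[member.filename] = ("unx", mode)
            else:  # archives written on FAT/NTFS hosts carry no POSIX mode
                result[member.filename] = ("non-unix", None)
    return result


def ls_string(mode):
    """Render permission bits the way `ls -l` and `find -ls` print them for a regular file."""
    return stat.filemode(stat.S_IFREG | stat.S_IMODE(mode))


def mode_problems(mode, expected=WORK_PERMS):
    """List what is wrong with a work file's mode for its owner and its group."""
    mode = stat.S_IMODE(mode)
    if mode == expected:
        return []
    problems = ["mode %04o differs from configured %04o" % (mode, expected)]
    if mode & (stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX):
        problems.append("setuid/setgid/sticky bit set")
    if not mode & stat.S_IRUSR:
        problems.append("owner cannot read")
    if not mode & stat.S_IRGRP:
        problems.append("group cannot read")
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        problems.append("execute bit set")
    return problems


def audit_tree(root, expected=WORK_PERMS):
    """Walk a work directory and return {path: problems} for regular files with a bad mode."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                problems = mode_problems(st.st_mode, expected)
                if problems:
                    findings[path] = problems
    return findings


if __name__ == "__main__":
    import sys
    print(stored_modes(build_sample_zip(3, 0o664)))
    print(ls_string(0o1130), mode_problems(0o1130))
    for root in sys.argv[1:]:  # e.g. the incoming work directory
        for path, problems in audit_tree(root).items():
            print(path, "; ".join(problems))
```

Run with the incoming work directory as an argument to list files whose mode would stop the scanner's group from reading them.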

  #14  
27-05-2010 09:48 PM
MailScanner member admin is online now
User
 

Hello,
This appears to be a new problem for me.
I am seeing emails with .docx files attached tagged as a bad filename with this message.

Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
Report: MailScanner: No programs allowed (font10.odttf)
Report: MailScanner: No programs allowed (font10.odttf)

I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.

I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.

The .odttf files live a few dirs down
file.docx-->word-->fonts-->fontx.odttf

Thank you,
Brett



--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> Report: MailScanner: No programs allowed (font10.odttf)
> Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) > The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> >
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> >
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
> >
> >
> >   
>
> Jules
>
> -- Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from
> your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
> B654
> Follow me at twitter.com/JulesFM and
> twitter.com/MailScanner
>
>
> -- This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- MailScanner mailing list
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the
> website!



--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) > well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> >
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> >
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
> >
> >
> >   
>
> Jules
>
> -- Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from
> your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
> B654
> Follow me at twitter.com/JulesFM and
> twitter.com/MailScanner
>
>
> -- This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- MailScanner mailing list
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the
> website!



--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
)
ignore my last email



-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

On 19/05/2010 06:56, John Wil**** wrote:
> On 18/05/2010 13:18, Julian Field wrote:
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::Par****S
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(


Jules

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.

Jules

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions, so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua

Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26 mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%



# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca, /var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)


Cheers,
-Joshua

Also... your "No programs allowed" error is a by product of the
permissions problem:

$ file ms.zip
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip
$ ls -l ms.zip
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua
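
Added example (Python; not MailScanner's code and not written by any poster in this thread): it connects the three observations in the messages above, namely that the Unix-made zip carries permission bits while a Windows one does not, that extracted files end up as 1130 instead of the configured 0640, and that `file` on such a file prints text containing "executable". The archive bytes and work files are constructed, `describe_unreadable` is a simplified model of the `file` output quoted in the post, and all function names are hypothetical.

```python
import io
import os
import re
import stat
import tempfile
import zipfile

EXPECTED_MODE = 0o640                     # "Incoming Work Permissions = 0640" in the thread
DENY_PATTERN = re.compile("executable")   # pattern of the "No programs allowed" deny rule


def describe_unreadable(mode):
    """Simplified model of what `file` printed in the post for a file it could
    not open: it describes the permission bits instead of the content."""
    text = "sticky " if mode & stat.S_ISVTX else ""
    if mode & 0o222:
        text += "writable, "
    if mode & 0o111:
        text += "executable, "
    return text + "regular file, no read permission"


def audit_workdir(root, expected=EXPECTED_MODE):
    """Return (path, ls-style mode, problems) for regular files whose mode
    differs from the configured work permissions."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if not stat.S_ISREG(st.st_mode) or mode == expected:
                continue
            problems = []
            if not mode & stat.S_IRGRP:
                # The virus scanner reaches the files through the work group.
                problems.append("group cannot read: scanner access denied")
            # Owner read bit is used as a proxy: the filetype check runs as the owner.
            if not mode & stat.S_IRUSR and DENY_PATTERN.search(describe_unreadable(mode)):
                problems.append("owner cannot read: file(1) fallback text matches the deny rule")
            findings.append((path, stat.filemode(st.st_mode), problems))
    return findings


def build_sample_zip(unix_origin):
    """Constructed one-entry archive, written as a Unix or a DOS/Windows tool would."""
    info = zipfile.ZipInfo("mailscanner_logo.jpg")
    if unix_origin:
        info.create_system = 3                              # 3 = Unix
        info.external_attr = (stat.S_IFREG | 0o664) << 16   # -rw-rw-r--, as zipinfo showed
    else:
        info.create_system = 0                              # 0 = MS-DOS / Windows
        info.external_attr = 0x20                           # DOS "archive" attribute only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"constructed bytes, not a real JPEG")
    return buf.getvalue()


def stored_unix_modes(zip_bytes):
    """Map entry name -> Unix permission bits stored in the archive, or None
    when the entry was not written by a Unix tool."""
    modes = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            unix = info.create_system == 3
            modes[info.filename] = stat.S_IMODE(info.external_attr >> 16) if unix else None
    return modes


if __name__ == "__main__":
    print("unix zip:", stored_unix_modes(build_sample_zip(True)))
    print("dos zip: ", stored_unix_modes(build_sample_zip(False)))
    with tempfile.TemporaryDirectory() as work:
        for name, mode in (("nimage001.jpg", 0o640), ("zDSC02393.jpg", 0o1130)):
            path = os.path.join(work, name)
            with open(path, "wb") as handle:
                handle.write(b"constructed")
            os.chmod(path, mode)
        for path, ls_mode, problems in audit_workdir(work):
            print(ls_mode, os.path.basename(path), problems)
```

Pointing `audit_workdir` at the incoming work directory lists only the files whose mode differs from the configured value, which is the same comparison the two `find ... -ls` listings above make by eye.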

> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I have
> 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.



Hope this helps..

# rpm -q postfix fsl-perl-Archive-Zip perl
postfix-2.3.3-2.1.el5_2
fsl-perl-Archive-Zip-1.24-1
perl-5.8.8-27.el5

# MailScanner -v
Running on
Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.79.11
Module versions are:
1.00 AnyDBM_File
1.24 Archive::Zip
0.17 bignum
1.04 Carp
2.015 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.121_08 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
2.04 File::Path
0.20 File::Temp
0.92 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.15 Math::BigRat
3.07 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.07 MIME::QuotedPrint
5.427 MIME::Tools
0.11 Net::CIDR
1.25 Net::IP
0.16 OLE::Storage_Lite
missing Pod::Escapes
missing Pod::Simple
1.09 POSIX
1.19 Scalar::Util
1.78 Socket
2.18 Storable
1.4 Sys::Hostname::Long
0.26 Sys::Syslog
missing Test::Pod
0.62 Test::Simple
1.9715 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.38 Archive::Tar
0.17 bignum
missing Business::ISBN
missing Business::ISBN::Data
1.11 Data::Dump
1.817 DB_File
1.14 DBD::SQLite
1.607 DBI
1.14 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.11 Digest::SHA1
1.01 Encode::Detect
0.17015 Error
missing ExtUtils::CBuilder
missing ExtUtils::Par****S
2.37 Getopt::Long
0.44 Inline
missing IO::String
1.09 IO::Zlib
2.25 IP::Country
missing Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.63 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
4.007 NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.56 Test::Harness
missing Test::Manifest
1.95 Text::Balanced
1.37 URI
0.76 version
missing YAML

  #15  
28-05-2010 09:11 AM
MailScanner member admin is online now
User
 

The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

ignore my last email



-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as a bad filename with this message.
> >
> > Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> > Report: MailScanner: No programs allowed (font10.odttf)
> > Report: MailScanner: No programs allowed (font10.odttf)
> >
> > I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
> >
> > I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
> Jules
>



On 19/05/2010 06:56, John Wil**** wrote:
> On 18/05/2010 13:18, Julian Field wrote:
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::ParseXS
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> John.
>

Jules

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions, so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua

Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26 mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%


# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca, /var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)


Cheers,
-Joshua

Also... your "No programs allowed" error is a by-product of the
permissions problem:

$ file ms.zip
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip
$ ls -l ms.zip
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua
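
The two messages above can be checked mechanically. This added example (not part of any post in the thread, and not MailScanner code) converts the symbolic modes from `find -ls` output like Joshua's into octal and reports which bits explain the clamd "Access denied" and the mode-only `file` description. The function names, finding codes and the `fallback` parameter are assumptions of the example, and the decimal-versus-octal hint is an observation about the number 1130, not a cause confirmed in the thread.

```python
import re

# Lines in the shape of the `find -ls` output quoted in the thread, with each
# wrapped path rejoined onto its line (embedded so the example runs offline).
SAMPLE_FIND_LS = """\
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg
"""

LS_MODE = re.compile(r"[-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]")
SPECIAL = ((0o4000, "s"), (0o2000, "s"), (0o1000, "t"))  # setuid, setgid, sticky


def symbolic_to_mode(sym):
    """Convert an ls-style string such as '---x-wx--T' to its numeric mode."""
    if not LS_MODE.fullmatch(sym):
        raise ValueError("not an ls permission string: %r" % sym)
    mode = 0
    for i, ch in enumerate(sym[1:]):
        bit = 0o400 >> i
        if i % 3 < 2:                      # read or write column
            if ch != "-":
                mode |= bit
        else:                              # execute column, may carry a special bit
            special, letter = SPECIAL[i // 3]
            if ch in ("x", letter):        # lower case means the execute bit is set
                mode |= bit
            if ch.lower() == letter:       # s/S or t/T means the special bit is set
                mode |= special
    return mode


def parse_find_ls(text):
    """Yield (path, owner, group, mode) for every regular file in `find -ls` output."""
    for line in text.splitlines():
        fields = line.split(None, 10)
        if len(fields) == 11 and LS_MODE.fullmatch(fields[2]) and fields[2][0] == "-":
            yield fields[10], fields[4], fields[5], symbolic_to_mode(fields[2])


def audit(text, configured="0640", fallback="0600"):
    """Map each problem file to a list of (code, explanation) findings.

    configured: the Incoming Work Permissions value as written in the config.
    fallback:   assumed default mode; '0600' is what the patch in this thread uses.
    """
    want = int(configured, 8)
    report = {}
    for path, owner, group, mode in parse_find_ls(text):
        found = []
        if mode != want:
            found.append(("MODE_MISMATCH", "mode %04o, configured %04o" % (mode, want)))
        if not mode & 0o400:
            found.append(("OWNER_NO_READ",
                          "owner %s cannot read the file, so file(1) can only "
                          "describe its mode bits, not its content" % owner))
        if not mode & 0o040:
            found.append(("GROUP_NO_READ",
                          "group %s cannot read the file, so a scanner that relies "
                          "on group access is denied" % group))
        if mode & 0o111:
            found.append(("EXEC_BIT", "an execute bit is set on extracted data"))
        for intended in (configured, fallback):
            # Hint only: the mode equals the intended octal digits read as decimal.
            if mode != int(intended, 8) and mode == int(intended.lstrip("0") or "0"):
                found.append(("DECIMAL_MODE",
                              "%04o is decimal %d, consistent with %s having been "
                              "applied as a decimal number" % (mode, mode, intended)))
        if found:
            report[path] = found
    return report


if __name__ == "__main__":
    for path, findings in audit(SAMPLE_FIND_LS).items():
        print(path)
        for code, text in findings:
            print("  %-14s %s" % (code, text))
```
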

> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.



Hope this helps..

# rpm -q postfix fsl-perl-Archive-Zip perl
postfix-2.3.3-2.1.el5_2
fsl-perl-Archive-Zip-1.24-1
perl-5.8.8-27.el5

# MailScanner -v
Running on
Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May 13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.79.11
Module versions are:
1.00 AnyDBM_File
1.24 Archive::Zip
0.17 bignum
1.04 Carp
2.015 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.121_08 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
2.04 File::Path
0.20 File::Temp
0.92 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.15 Math::BigRat
3.07 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.07 MIME::QuotedPrint
5.427 MIME::Tools
0.11 Net::CIDR
1.25 Net::IP
0.16 OLE::Storage_Lite
missing Pod::Escapes
missing Pod::Simple
1.09 POSIX
1.19 Scalar::Util
1.78 Socket
2.18 Storable
1.4 Sys::Hostname::Long
0.26 Sys::Syslog
missing Test::Pod
0.62 Test::Simple
1.9715 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.38 Archive::Tar
0.17 bignum
missing Business::ISBN
missing Business::ISBN::Data
1.11 Data::Dump
1.817 DB_File
1.14 DBD::SQLite
1.607 DBI
1.14 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.11 Digest::SHA1
1.01 Encode::Detect
0.17015 Error
missing ExtUtils::CBuilder
missing ExtUtils::ParseXS
2.37 Getopt::Long
0.44 Inline
missing IO::String
1.09 IO::Zlib
2.25 IP::Country
missing Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.63 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
4.007 NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.56 Test::Harness
missing Test::Manifest
1.95 Text::Balanced
1.37 URI
0.76 version
missing YAML
I've got good news and bad news.

The bad news is that I still can't reproduce this problem, it just works
fine for me. :-(
The good news is that I haven't written you a fix anyway. :-)

Apply this patch to /usr/lib/MailScanner/MailScanner/Message.pm
-----START-----
--- Message.pm.old 2010-05-28 08:56:37.000000000 +0100
+++ Message.pm 2010-05-28 09:09:26.000000000 +0100
@@ -2504,8 +2504,8 @@
# Set the owner and group on all the extracted files
# JKF 20100211 chown $workarea->{uid}, $workarea->{gid}, map {
m/(.*)/ } grep { -f } glob "$explodeinto/* $explodeinto/.*"
# JKF 20100211 if $workarea->{changeowner};
+ my($tmplist1,@tmplist);
if ($workarea->{changeowner}) {
- my($tmplist1,@tmplist);
foreach $tmplist1 (glob "$explodeinto/* $explodeinto/.*") {
$tmplist1 =~ /(.*)/;
$tmplist1 = $1;
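Review bot: moving `my($tmplist1,@tmplist);` above `if ($workarea->{changeowner}) {` only widens the scope of the list; the `foreach` over `glob "$explodeinto/* $explodeinto/.*"` is still inside that `if`. When changeowner is false the list stays empty, so any later statement guarded by `if @tmplist` silently does nothing. Suggest building the file list unconditionally before the `if` and leaving only the `chown` inside it.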
@@ -2513,6 +2513,12 @@
}
chown $workarea->{uid}, $workarea->{gid}, @tmplist if @tmplist;
}
+ # JKF 20100528 Now set the perms on all the extracted files
+ my $workperms = MailScanner::Config::Value('workperms') || '0600';
+ # Make it octal with a leading zero if necessary
+ $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
+ $workperms = oct($workperms); # and back to decimal for chmod
+ chmod $workperms, @tmplist if @tmplist;
}

sub ListLeafEntities {
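Review bot: the `sprintf "0%lo", $workperms unless $workperms =~ /^0/` line treats any value without a leading zero as an already-numeric mode, so a setting typed as 640 is converted to 01200 rather than 0640. If `MailScanner::Config::Value('workperms')` can return the text as typed, validate it as three or four octal digits and pass it straight to `oct()`. The result of `chmod $workperms, @tmplist` is also ignored; comparing it with `scalar(@tmplist)` and logging a shortfall would make a repeat of the unreadable-file problem visible.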
-----END-----

Please let me know if this fixes the problem, it should do.

Jules.


On 27/05/2010 21:38, John Wil**** wrote:
> On 27/05/2010 22:17, PSI Mailbag wrote:
>> This appears to only affect zip files created by a Linux or Unix
>> variant (at least in my case). Window's zips work fine.
>
> That tallies with what I discovered while attempting to create a test
> case (as discussed with Julian off-list). In my case MacOSX zips were
> problematic but WinZip zips of the same file were fine; Julian tested
> the same and other MacOSX zips on his setup and everything worked
> perfectly.
>
> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.
>

Jules


  #16  
28-05-2010 09:16 AM
MailScanner member admin is online now
User
 

ignore my last email



-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




On 19/05/2010 06:56, John Wil**** wrote:
> On 18/05/2010 13:18, Julian Field wrote:
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::Par****S
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(


Jules

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.

Jules

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions, so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31
/var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30
/var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29
/var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua

Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26
mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%



# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006
/var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No
executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access
denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca,
/var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec)
(mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec)
(mailscanner_logo.jpg)


Cheers,
-Joshua

Also... your "No programs allowed" error is a by-product of the
permissions problem:

$ file ms.zip
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip
$ ls -l ms.zip
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua
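
An added example, not part of the thread and not MailScanner code, of the check this demonstration points at: it audits a work directory for files whose mode differs from Incoming Work Permissions, flags modes that look like a decimal number handed to chmod (the reported 1130 is the number 600 read as permission bits), and runs the two file(1) outputs quoted above through a simplified first-match model of the "deny executable" rule. The function names, the tab-separated rule layout and the first-match semantics are assumptions; whether a decimal/octal slip is what actually happened on these systems is not established in the thread.

```python
import os
import re
import stat
import tempfile

EXPECTED = 0o640  # "Incoming Work Permissions = 0640" as posted in the thread

# Rule line quoted in the thread; fields assumed tab-separated:
# action, pattern matched against file(1) output, log text, report text.
RULES = "deny\texecutable\tNo executables\tNo programs allowed\n"

# file(1) output quoted in the thread for the same archive, before and after chmod 1130.
FILE_READABLE = "Zip archive data, at least v2.0 to extract"
FILE_MODE_1130 = "sticky writable, executable, regular file, no read permission"


def render(perms):
    """ls-style string for a regular file with these permission bits."""
    return stat.filemode(stat.S_IFREG | perms)


def decimal_misread(perms):
    """Heuristic: return the mode that was probably intended when an
    octal-looking number reached chmod as a decimal integer
    (600 instead of 0o600), or None if the pattern does not fit."""
    digits = str(perms)  # the numeric value written in base 10
    if len(digits) not in (3, 4) or set(digits) - set("01234567"):
        return None
    intended = int(digits, 8)
    # Flag only when the actual bits lock the owner out and the decoded ones do not.
    if perms & stat.S_IRUSR or not intended & stat.S_IRUSR:
        return None
    return intended


def classify(perms, expected=EXPECTED):
    """Verdict for one set of permission bits."""
    if perms == expected:
        return "ok"
    intended = decimal_misread(perms)
    if intended is not None:
        return "decimal-as-mode, intended %04o" % intended
    if not perms & stat.S_IRUSR:
        return "owner-unreadable"
    return "unexpected"


def audit(root, expected=EXPECTED):
    """Return {relative path: (ls string, verdict)} for every file that is not 'ok'."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            perms = stat.S_IMODE(os.lstat(path).st_mode)
            verdict = classify(perms, expected)
            if verdict != "ok":
                findings[os.path.relpath(path, root)] = (render(perms), verdict)
    return findings


def first_match(file_output, rules=RULES):
    """Simplified first-match evaluation of filetype rules; None if nothing matches."""
    for line in rules.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        action, pattern, _log, report = line.split("\t")[:4]
        if re.search(pattern, file_output):
            return action, report
    return None


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        good = os.path.join(work, "nimage001.jpg")  # constructed sample files
        bad = os.path.join(work, "zDSC02393.jpg")
        for path in (good, bad):
            with open(path, "wb") as fh:
                fh.write(b"\xff\xd8\xff\xe0 constructed sample")
        os.chmod(good, 0o640)
        os.chmod(bad, 600)  # decimal on purpose: the slip being demonstrated
        for rel, (ls, verdict) in audit(work).items():
            print(rel, ls, verdict)
    # The unreadable file's description contains "executable", so the deny rule fires.
    print(first_match(FILE_READABLE), first_match(FILE_MODE_1130))
```
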

> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.



Hope this helps..

# rpm -q postfix fsl-perl-Archive-Zip perl
postfix-2.3.3-2.1.el5_2
fsl-perl-Archive-Zip-1.24-1
perl-5.8.8-27.el5

# MailScanner -v
Running on
Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.79.11
Module versions are:
1.00 AnyDBM_File
1.24 Archive::Zip
0.17 bignum
1.04 Carp
2.015 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.121_08 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
2.04 File::Path
0.20 File::Temp
0.92 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.15 Math::BigRat
3.07 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.07 MIME::QuotedPrint
5.427 MIME::Tools
0.11 Net::CIDR
1.25 Net::IP
0.16 OLE::Storage_Lite
missing Pod::Escapes
missing Pod::Simple
1.09 POSIX
1.19 Scalar::Util
1.78 Socket
2.18 Storable
1.4 Sys::Hostname::Long
0.26 Sys::Syslog
missing Test::Pod
0.62 Test::Simple
1.9715 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.38 Archive::Tar
0.17 bignum
missing Business::ISBN
missing Business::ISBN::Data
1.11 Data::Dump
1.817 DB_File
1.14 DBD::SQLite
1.607 DBI
1.14 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.11 Digest::SHA1
1.01 Encode::Detect
0.17015 Error
missing ExtUtils::CBuilder
missing ExtUtils::Par****S
2.37 Getopt::Long
0.44 Inline
missing IO::String
1.09 IO::Zlib
2.25 IP::Country
missing Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.63 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
4.007 NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.56 Test::Harness
missing Test::Manifest
1.95 Text::Balanced
1.37 URI
0.76 version
missing YAML

I've got good news and bad news.

The bad news is that I still can't reproduce this problem, it just works
fine for me. :-(
The good news is that I haven't written you a fix anyway. :-)

Apply this patch to /usr/lib/MailScanner/MailScanner/Message.pm
-----START-----
--- Message.pm.old 2010-05-28 08:56:37.000000000 +0100
+++ Message.pm 2010-05-28 09:09:26.000000000 +0100
@@ -2504,8 +2504,8 @@
# Set the owner and group on all the extracted files
# JKF 20100211 chown $workarea->{uid}, $workarea->{gid}, map {
m/(.*)/ } grep { -f } glob "$explodeinto/* $explodeinto/.*"
# JKF 20100211 if $workarea->{changeowner};
+ my($tmplist1,@tmplist);
if ($workarea->{changeowner}) {
- my($tmplist1,@tmplist);
foreach $tmplist1 (glob "$explodeinto/* $explodeinto/.*") {
$tmplist1 =~ /(.*)/;
$tmplist1 = $1;
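Review bot: The foreach over glob "$explodeinto/* $explodeinto/.*" stays inside if ($workarea->{changeowner}), so hoisting my($tmplist1,@tmplist); above the if only fixes scoping. The line that fills @tmplist is not in the diff context, but it sits in that loop, which means the list is empty whenever changeowner is false and the later chmod $workperms, @tmplist if @tmplist; is skipped on exactly those installations. Suggest building the file list unconditionally and leaving only the chown inside the if.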
@@ -2513,6 +2513,12 @@
}
chown $workarea->{uid}, $workarea->{gid}, @tmplist if @tmplist;
}
+ # JKF 20100528 Now set the perms on all the extracted files
+ my $workperms = MailScanner::Config::Value('workperms') || '0600';
+ # Make it octal with a leading zero if necessary
+ $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
+ $workperms = oct($workperms); # and back to decimal for chmod
+ chmod $workperms, @tmplist if @tmplist;
}

sub ListLeafEntities {
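Review bot: The conversion at $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/; is only correct if MailScanner::Config::Value('workperms') returns either the text with its leading zero or a number already converted from octal. If it can return the text as typed without the zero, 640 becomes "01200" and the files end up with mode 01200, the same kind of decimal/octal slip as the 1130 modes (decimal 600) reported in this thread. Suggest accepting only values that match /^[0-7]{3,4}$/ and passing those straight to oct(), and comparing the return value of chmod with scalar(@tmplist) so that a partial failure is logged rather than silent.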
-----END-----

Please let me know if this fixes the problem, it should do.

Jules.


On 27/05/2010 21:38, John Wil**** wrote:
> On 27/05/2010 22:17, PSI Mailbag wrote:
>> This appears to only affect zip files created by a Linux or Unix
>> variant (at least in my case). Windows zips work fine.
>
> That tallies with what I discovered while attempting to create a test
> case (as discussed with Julian off-list). In my case MacOSX zips were
> problematic but WinZip zips of the same file were fine; Julian tested
> the same and other MacOSX zips on his setup and everything worked
> perfectly.
>
> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.
>

On 27/05/2010 21:48, PSI Mailbag wrote:
>> There must be something else common to your setup and mine but not to
>> Julian's test box. Obvious culprits would seem to be perl itself (I
>> have 5.8.8) and the Archive::Zip module (I have 1.30).
>>
>> John.
>>
>
>
> Hope this helps..
>
> # rpm -q postfix fsl-perl-Archive-Zip perl
> postfix-2.3.3-2.1.el5_2
> fsl-perl-Archive-Zip-1.24-1
> perl-5.8.8-27.el5
>
> # MailScanner -v
> Running on
> Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
> 13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
> This is CentOS release 5.5 (Final)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.79.11
> Module versions are:
> 1.00 AnyDBM_File
> 1.24 Archive::Zip
>
You are running a much more recent version of Archive::Zip than the one
I distribute, which would explain why only a few people are seeing the
problem. I distribute 1.16 and this doesn't cause this problem to show
itself.

Anyway, please try my fix and let me know if it solves the problem for you.

Jules.


  #17  
28-05-2010 09:26 AM

Hello,
This appears to be a new problem for me.
I am seeing emails with .docx files attached tagged as a bad filename with this message.

Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
Report: MailScanner: No programs allowed (font10.odttf)
Report: MailScanner: No programs allowed (font10.odttf)

I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.

I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.

The .odttf files live a few dirs down
file.docx-->word-->fonts-->fontx.odttf

Thank you,
Brett



--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> Report: MailScanner: No programs allowed (font10.odttf)
> Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
) > The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




ignore my last email



-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




On 19/05/2010 06:56, John Wil**** wrote:
> On 18/05/2010 13:18, Julian Field wrote:
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::Par****S
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>

Jules

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions.. so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua

Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26 mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%



# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca, /var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)


Cheers,
-Joshua

Also... your "No programs allowed" error is a by product of the
permissions problem:

$ file ms.zip
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip
$ ls -l ms.zip
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua
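
The effect Joshua describes above, as an added example that is not part of the original posts or of MailScanner: a file left at mode 1130 has no owner read bit, and the file(1) description quoted in his post contains the word "executable" that the deny rule matches. The script also shows that 1130 is the octal rendering of decimal 600, i.e. the mode chmod(2) sets when handed 600 as a decimal number. Function names and the empty sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not MailScanner code. All files created here are constructed
# and live in a temporary directory.

# Octal digits of a mode that reached chmod(2) as a plain decimal number.
# 600 decimal is 1130 octal, the mode reported in the thread.
decimal_as_octal() {
    printf '%o\n' "$1"
}

# Ten-character mode string for one path, as "ls -l" and "find -ls" print it.
symbolic_mode() {
    ls -ld "$1" | cut -c1-10
}

# The deny rule quoted in the thread keys on the word "executable"
# in the output of file(1). $1 is one such description string.
hits_no_programs_rule() {
    printf '%s\n' "$1" | grep -q 'executable'
}

# Regular files under directory $1 that lack any permission bit of the
# expected mode $2 (the thread's Incoming Work Permissions value is 0640).
find_unscannable() {
    find "$1" -type f ! -perm -"$2" | sort
}

# Reset exactly those files to the expected mode.
repair_modes() {
    find "$1" -type f ! -perm -"$2" -exec chmod "$2" {} +
}

demo() {
    work=$(mktemp -d) || return 1
    # Constructed stand-ins: one file attached directly, one extracted from a zip.
    : > "$work/nimage001.jpg"; chmod 0640 "$work/nimage001.jpg"
    : > "$work/zDSC02393.jpg"; chmod 1130 "$work/zDSC02393.jpg"

    echo "decimal 600 written in octal: $(decimal_as_octal 600)"
    for f in "$work"/*.jpg; do
        echo "$(symbolic_mode "$f") $f"
    done

    echo "files missing bits of 0640:"
    find_unscannable "$work" 0640

    repair_modes "$work" 0640
    echo "left after repair: $(find_unscannable "$work" 0640 | wc -l)"
    rm -rf "$work"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` to print the comparison; pointing `find_unscannable` at the incoming work directory with the configured permissions lists the files clamd cannot read.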

> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have
> 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.



Hope this helps..

# rpm -q postfix fsl-perl-Archive-Zip perl
postfix-2.3.3-2.1.el5_2
fsl-perl-Archive-Zip-1.24-1
perl-5.8.8-27.el5

# MailScanner -v
Running on
Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.79.11
Module versions are:
1.00 AnyDBM_File
1.24 Archive::Zip
0.17 bignum
1.04 Carp
2.015 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.121_08 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
2.04 File::Path
0.20 File::Temp
0.92 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.15 Math::BigRat
3.07 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.07 MIME::QuotedPrint
5.427 MIME::Tools
0.11 Net::CIDR
1.25 Net::IP
0.16 OLE::Storage_Lite
missing Pod::Escapes
missing Pod::Simple
1.09 POSIX
1.19 Scalar::Util
1.78 Socket
2.18 Storable
1.4 Sys::Hostname::Long
0.26 Sys::Syslog
missing Test::Pod
0.62 Test::Simple
1.9715 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.38 Archive::Tar
0.17 bignum
missing Business::ISBN
missing Business::ISBN::Data
1.11 Data::Dump
1.817 DB_File
1.14 DBD::SQLite
1.607 DBI
1.14 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.11 Digest::SHA1
1.01 Encode::Detect
0.17015 Error
missing ExtUtils::CBuilder
missing ExtUtils::Par****S
2.37 Getopt::Long
0.44 Inline
missing IO::String
1.09 IO::Zlib
2.25 IP::Country
missing Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.63 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
4.007 NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.56 Test::Harness
missing Test::Manifest
1.95 Text::Balanced
1.37 URI
0.76 version
missing YAML

I've got good news and bad news.

The bad news is that I still can't reproduce this problem, it just works
fine for me. :-(
The good news is that I haven't written you a fix anyway. :-)

Apply this patch to /usr/lib/MailScanner/MailScanner/Message.pm
-----START-----
--- Message.pm.old 2010-05-28 08:56:37.000000000 +0100
+++ Message.pm 2010-05-28 09:09:26.000000000 +0100
@@ -2504,8 +2504,8 @@
# Set the owner and group on all the extracted files
# JKF 20100211 chown $workarea->{uid}, $workarea->{gid}, map {
m/(.*)/ } grep { -f } glob "$explodeinto/* $explodeinto/.*"
# JKF 20100211 if $workarea->{changeowner};
+ my($tmplist1,@tmplist);
if ($workarea->{changeowner}) {
- my($tmplist1,@tmplist);
foreach $tmplist1 (glob "$explodeinto/* $explodeinto/.*") {
$tmplist1 =~ /(.*)/;
$tmplist1 = $1;
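Review bot: hoisting `my($tmplist1,@tmplist);` above `if ($workarea->{changeowner})` only widens the scope of the array; the `foreach` that fills it is still inside that `if`. When `changeowner` is false, `@tmplist` stays empty and every later statement guarded by `if @tmplist` is skipped, so the extracted files keep whatever mode extraction gave them. Move the `foreach` out of the conditional as well and leave only the `chown` inside it.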
@@ -2513,6 +2513,12 @@
}
chown $workarea->{uid}, $workarea->{gid}, @tmplist if @tmplist;
}
+ # JKF 20100528 Now set the perms on all the extracted files
+ my $workperms = MailScanner::Config::Value('workperms') || '0600';
+ # Make it octal with a leading zero if necessary
+ $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
+ $workperms = oct($workperms); # and back to decimal for chmod
+ chmod $workperms, @tmplist if @tmplist;
}

sub ListLeafEntities {
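Review bot: the `chmod $workperms, @tmplist if @tmplist;` on the last added line discards its return value, so a partial failure leaves unreadable files behind with nothing in the log. chmod returns the number of files changed; compare it with `scalar(@tmplist)` and log a warning when they differ. Also, the list is built from `glob "$explodeinto/* $explodeinto/.*"`, and `.*` matches `.` and `..`; unless the loop body not shown in these hunks filters with `-f` as the commented-out `grep { -f }` did, a file mode such as 0640 would be applied to the directories too and remove their search bit.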
-----END-----

Please let me know if this fixes the problem, it should do.

Jules.


On 27/05/2010 21:38, John Wil**** wrote:
> On 27/05/2010 22:17, PSI Mailbag wrote:
>> This appears to only affect zip files created by a Linux or Unix
>> variant (at least in my case). Window's zips work fine.
>
> That tallies with what I discovered while attempting to create a test
> case (as discussed with Julian off-list). In my case MacOSX zips were
> problematic but WinZip zips of the same file were fine; Julian tested
> the same and other MacOSX zips on his setup and everything worked
> perfectly.
>
> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.
>

Jules

On 27/05/2010 21:48, PSI Mailbag wrote:
>> There must be something else common to your setup and mine but not to
>> Julian's test box. Obvious culprits would seem to be perl itself (I
>> have
>> 5.8.8) and the Archive::Zip module (I have 1.30).
>>
>> John.
>>
>
>
> Hope this helps..
>
> # rpm -q postfix fsl-perl-Archive-Zip perl
> postfix-2.3.3-2.1.el5_2
> fsl-perl-Archive-Zip-1.24-1
> perl-5.8.8-27.el5
>
> # MailScanner -v
> Running on
> Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
> 13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
> This is CentOS release 5.5 (Final)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.79.11
> Module versions are:
> 1.00 AnyDBM_File
> 1.24 Archive::Zip
>
You are running a much more recent version of Archive::Zip than the one
I distribute, which would explain why only a few people are seeing the
problem. I distribute 1.16 and this doesn't cause this problem to show
itself.

Anyway, please try my fix and let me know if it solves the problem for you.

Jules.
> 0.17 bignum
> 1.04 Carp
> 2.015 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 2.04 File::Path
> 0.20 File::Temp
> 0.92 Filesys::Df
> 1.35 HTML::Entities
> 3.56 HTML::Parser
> 2.37 HTML::TokeParser
> 1.23 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.04 Mail::Header
> 1.89 Math::BigInt
> 0.15 Math::BigRat
> 3.07 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.07 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.16 OLE::Storage_Lite
> missing Pod::Escapes
> missing Pod::Simple
> 1.09 POSIX
> 1.19 Scalar::Util
> 1.78 Socket
> 2.18 Storable
> 1.4 Sys::Hostname::Long
> 0.26 Sys::Syslog
> missing Test::Pod
> 0.62 Test::Simple
> 1.9715 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.38 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> 1.11 Data::Dump
> 1.817 DB_File
> 1.14 DBD::SQLite
> 1.607 DBI
> 1.14 Digest
> 1.01 Digest::HMAC
> 2.36 Digest::MD5
> 2.11 Digest::SHA1
> 1.01 Encode::Detect
> 0.17015 Error
> missing ExtUtils::CBuilder
> missing ExtUtils::ParseXS
> 2.37 Getopt::Long
> 0.44 Inline
> missing IO::String
> 1.09 IO::Zlib
> 2.25 IP::Country
> missing Mail::ClamAV
> 3.002005 Mail::SpamAssassin
> v2.006 Mail::SPF
> missing Mail::SPF::Query
> missing Module::Build
> missing Net::CIDR::Lite
> 0.63 Net::DNS
> missing Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.007 NetAddr::IP
> missing Parse::RecDescent
> missing SAVI
> 2.56 Test::Harness
> missing Test::Manifest
> 1.95 Text::Balanced
> 1.37 URI
> 0.76 version
> missing YAML
>

Jules

On 28/05/2010 09:11, Julian Field wrote:
> I've got good news and bad news.
>
> The bad news is that I still can't reproduce this problem, it just
> works fine for me. :-(
> The good news is that I haven't written you a fix anyway. :-)
Errr.... slight typo there :-)

Jules


  #18  
28-05-2010 11:34 AM
The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> Report: MailScanner: No programs allowed (font10.odttf)
> Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>

Jules

> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> >
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> >
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
> >
> >
> >   
> well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> >
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> >
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
> >
> >
> >   
ignore my last email



On 19/05/2010 06:56, John Wil**** wrote:
> On 18/05/2010 13:18, Julian Field wrote:
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::ParseXS
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

On 21/05/2010 12:04, John Wil**** wrote:
> On 21/05/2010 12:43, Julian Field wrote:
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

On 21/05/2010 10:45, John Wil**** wrote:
> On 21/05/2010 11:30, Julian Field wrote:
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.

Jules

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions.. so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua
Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26 mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%



# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca, /var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)


Cheers,
-Joshua
Also... your "No programs allowed" error is a by-product of the
permissions problem:

$ file ms.zip
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip
$ ls -l ms.zip
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua
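
The link between the two symptoms in the posts above, as an added example (not code from the thread or from MailScanner): an audit of an unpacked work directory that flags entries the scanner's account cannot read and files carrying execute or sticky bits, the conditions under which `file` described ms.zip by its permissions. The function names and the uid/gid arguments are assumptions for illustration. It goes beyond the posts by also checking directories, and by noting that 600 taken as a decimal number is octal 1130, the mode in the listing; the thread does not establish that as the cause.

```python
import os
import stat
import sys

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX


def misread_as_decimal(setting):
    """Permission bits produced when an octal setting such as "0600" is
    parsed as a decimal number and then handed to chmod unchanged."""
    return int(setting, 10) & 0o7777


def access_bits(mode, owner_uid, owner_gid, uid, gids):
    """rwx triplet (0-7) the kernel applies to a non-root process: the owner
    class if the uid matches, else the group class, else 'other'."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def findings(mode, owner_uid, owner_gid, scanner_uid, scanner_gids):
    """Problems with one extracted entry, judged from the scanner's account."""
    bits = access_bits(mode, owner_uid, owner_gid, scanner_uid, scanner_gids)
    if stat.S_ISDIR(mode):
        # A directory needs read and search (r-x) before its contents can be stat'ed.
        return [] if (bits & 5) == 5 else ["scanner cannot search directory"]
    found = []
    if not (mode & stat.S_IRUSR):
        found.append("owner cannot read file")
    if not (bits & 4):
        found.append("scanner cannot read file")
    if mode & 0o111:
        found.append("execute bit set")
    if mode & SPECIAL_BITS:
        found.append("setuid/setgid/sticky bit set")
    return found


def audit_tree(root, scanner_uid, scanner_gids):
    """Map relative path -> (symbolic mode, findings) for every flagged entry."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError as exc:
                report[rel] = ("??????????", ["cannot stat: " + str(exc.strerror)])
                continue
            found = findings(st.st_mode, st.st_uid, st.st_gid,
                             scanner_uid, scanner_gids)
            if found:
                report[rel] = (stat.filemode(st.st_mode), found)
    return report


if __name__ == "__main__":
    # Usage: audit.py WORK_DIR SCANNER_UID GID[,GID...]
    root, uid = sys.argv[1], int(sys.argv[2])
    gids = {int(g) for g in sys.argv[3].split(",")}
    for rel, (symbolic, found) in sorted(audit_tree(root, uid, gids).items()):
        print(f"{symbolic} {rel}: {'; '.join(found)}")
```
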

> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.



Hope this helps..

# rpm -q postfix fsl-perl-Archive-Zip perl
postfix-2.3.3-2.1.el5_2
fsl-perl-Archive-Zip-1.24-1
perl-5.8.8-27.el5

# MailScanner -v
Running on
Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.79.11
Module versions are:
1.00 AnyDBM_File
1.24 Archive::Zip
0.17 bignum
1.04 Carp
2.015 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.121_08 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
2.04 File::Path
0.20 File::Temp
0.92 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.15 Math::BigRat
3.07 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.07 MIME::QuotedPrint
5.427 MIME::Tools
0.11 Net::CIDR
1.25 Net::IP
0.16 OLE::Storage_Lite
missing Pod::Escapes
missing Pod::Simple
1.09 POSIX
1.19 Scalar::Util
1.78 Socket
2.18 Storable
1.4 Sys::Hostname::Long
0.26 Sys::Syslog
missing Test::Pod
0.62 Test::Simple
1.9715 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.38 Archive::Tar
0.17 bignum
missing Business::ISBN
missing Business::ISBN::Data
1.11 Data::Dump
1.817 DB_File
1.14 DBD::SQLite
1.607 DBI
1.14 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.11 Digest::SHA1
1.01 Encode::Detect
0.17015 Error
missing ExtUtils::CBuilder
missing ExtUtils::ParseXS
2.37 Getopt::Long
0.44 Inline
missing IO::String
1.09 IO::Zlib
2.25 IP::Country
missing Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.63 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
4.007 NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.56 Test::Harness
missing Test::Manifest
1.95 Text::Balanced
1.37 URI
0.76 version
missing YAML

I've got good news and bad news.

The bad news is that I still can't reproduce this problem, it just works
fine for me. :-(
The good news is that I haven't written you a fix anyway. :-)

Apply this patch to /usr/lib/MailScanner/MailScanner/Message.pm
-----START-----
--- Message.pm.old 2010-05-28 08:56:37.000000000 +0100
+++ Message.pm 2010-05-28 09:09:26.000000000 +0100
@@ -2504,8 +2504,8 @@
# Set the owner and group on all the extracted files
# JKF 20100211 chown $workarea->{uid}, $workarea->{gid}, map {
m/(.*)/ } grep { -f } glob "$explodeinto/* $explodeinto/.*"
# JKF 20100211 if $workarea->{changeowner};
+ my($tmplist1,@tmplist);
if ($workarea->{changeowner}) {
- my($tmplist1,@tmplist);
foreach $tmplist1 (glob "$explodeinto/* $explodeinto/.*") {
$tmplist1 =~ /(.*)/;
$tmplist1 = $1;
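Review bot: moving my($tmplist1,@tmplist) above the if only widens its scope; the foreach over glob "$explodeinto/* $explodeinto/.*" is still inside if ($workarea->{changeowner}), so unless something outside these hunks fills @tmplist, it stays empty when changeowner is false and the chmod added further down is skipped silently by its "if @tmplist" guard. If the work permissions are meant to apply to every extraction, build the list before the conditional and keep only the chown inside it.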
@@ -2513,6 +2513,12 @@
}
chown $workarea->{uid}, $workarea->{gid}, @tmplist if @tmplist;
}
+ # JKF 20100528 Now set the perms on all the extracted files
+ my $workperms = MailScanner::Config::Value('workperms') || '0600';
+ # Make it octal with a leading zero if necessary
+ $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
+ $workperms = oct($workperms); # and back to decimal for chmod
+ chmod $workperms, @tmplist if @tmplist;
}

sub ListLeafEntities {
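Review bot: chmod $workperms, @tmplist puts one file mode on every entry the glob returned, and nothing visible in these hunks limits the list to regular files, although the commented-out JKF 20100211 line did so with grep { -f } and the pattern $explodeinto/.* also matches . and .. themselves. A directory set to 0600 or 0640 loses its search bit, so filter with -f (or skip -d) before the chmod. Separately, a value with no leading zero goes through sprintf "0%lo" as a decimal number (640 becomes 01200), which is only right if Config::Value hands back the already-converted number; a comment saying which form it returns would settle that, and the return value of chmod deserves a log line on failure.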
-----END-----

Please let me know if this fixes the problem, it should do.

Jules.


On 27/05/2010 21:38, John Wil**** wrote:
> Le 27/05/2010 22:17, PSI Mailbag a écrit :
>> This appears to only affect zip files created by a Linux or Unix
>> variant (at least in my case). Windows zips work fine.
>
> That tallies with what I discovered while attempting to create a test
> case (as discussed with Julian off-list). In my case MacOSX zips were
> problematic but WinZip zips of the same file were fine; Julian tested
> the same and other MacOSX zips on his setup and everything worked
> perfectly.
>
> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

On 27/05/2010 21:48, PSI Mailbag wrote:
>> There must be something else common to your setup and mine but not to
>> Julian's test box. Obvious culprits would seem to be perl itself (I
>> have 5.8.8) and the Archive::Zip module (I have 1.30).
>>
>> John.
>>
>
>
> Hope this helps..
>
> # rpm -q postfix fsl-perl-Archive-Zip perl
> postfix-2.3.3-2.1.el5_2
> fsl-perl-Archive-Zip-1.24-1
> perl-5.8.8-27.el5
>
> # MailScanner -v
> Running on
> Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
> 13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
> This is CentOS release 5.5 (Final)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.79.11
> Module versions are:
> 1.00 AnyDBM_File
> 1.24 Archive::Zip
>
You are running a much more recent version of Archive::Zip than the one
I distribute, which would explain why only a few people are seeing the
problem. I distribute 1.16 and this doesn't cause this problem to show
itself.

Anyway, please try my fix and let me know if it solves the problem for you.

Jules.

Jules

On 28/05/2010 09:11, Julian Field wrote:
> I've got good news and bad news.
>
> The bad news is that I still can't reproduce this problem, it just
> works fine for me. :-(
> The good news is that I haven't written you a fix anyway. :-)
Errr.... slight typo there :-)

Jules

On 28/05/2010 10:45, John Wil**** wrote:
> Le 28/05/2010 10:11, Julian Field a écrit :
>> Please let me know if this fixes the problem, it should do.
>
> Almost there. The files end up with the right perms (640 postfix
> clamav in my case) but the container directory is created as 640
> rather than 750, resulting in the error "Clamd::ERROR:: lstat()
> failed: Permission denied."
Sorry about that, you're absolutely right. Trivial fix. Find the line in
the patch that says
push @tmplist, $tmplist1;
and change it to
push @tmplist, $tmplist1 unless -d $tmplist1;

Then give it another go.

Jules


  #19  
28-05-2010 12:20 PM
MailScanner member admin is online now
User
 

Hello,
This appears to be a new problem for me.
I am seeing emails with .docx files attached tagged as a bad filename with this message.

Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
Report: MailScanner: No programs allowed (font10.odttf)
Report: MailScanner: No programs allowed (font10.odttf)

I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.

I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.

The .odttf files live a few dirs down
file.docx-->word-->fonts-->fontx.odttf

Thank you,
Brett



The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> Report: MailScanner: No programs allowed (font10.odttf)
> Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>

Jules

> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> >
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> >
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
> >
> >
> >   
>
> Jules
>



> well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




ignore my last email



-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




On 19/05/2010 06:56, John Wil**** wrote:
> Le 18/05/2010 13:18, Julian Field a écrit :
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::ParseXS
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

On 21/05/2010 12:04, John Wil**** wrote:
> Le 21/05/2010 12:43, Julian Field a écrit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

On 21/05/2010 12:04, John Wil**** wrote:
> Le 21/05/2010 12:43, Julian Field a écrit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::Par****S
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions, so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua

Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26 mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%


# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg


May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg


Quarantine: /var/data/MailStore/partnersolutions.ca, /var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)


Cheers,
-Joshua

Also... your "No programs allowed" error is a by product of the
permissions problem:

$ file ms.zip
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip
$ ls -l ms.zip
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua

> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have
> 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.



Hope this helps..

# rpm -q postfix fsl-perl-Archive-Zip perl
postfix-2.3.3-2.1.el5_2
fsl-perl-Archive-Zip-1.24-1
perl-5.8.8-27.el5

# MailScanner -v
Running on
Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.79.11
Module versions are:
1.00 AnyDBM_File
1.24 Archive::Zip
0.17 bignum
1.04 Carp
2.015 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.121_08 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
2.04 File::Path
0.20 File::Temp
0.92 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.15 Math::BigRat
3.07 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.07 MIME::QuotedPrint
5.427 MIME::Tools
0.11 Net::CIDR
1.25 Net::IP
0.16 OLE::Storage_Lite
missing Pod::Escapes
missing Pod::Simple
1.09 POSIX
1.19 Scalar::Util
1.78 Socket
2.18 Storable
1.4 Sys::Hostname::Long
0.26 Sys::Syslog
missing Test::Pod
0.62 Test::Simple
1.9715 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.38 Archive::Tar
0.17 bignum
missing Business::ISBN
missing Business::ISBN::Data
1.11 Data::Dump
1.817 DB_File
1.14 DBD::SQLite
1.607 DBI
1.14 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.11 Digest::SHA1
1.01 Encode::Detect
0.17015 Error
missing ExtUtils::CBuilder
missing ExtUtils::Par****S
2.37 Getopt::Long
0.44 Inline
missing IO::String
1.09 IO::Zlib
2.25 IP::Country
missing Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.63 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
4.007 NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.56 Test::Harness
missing Test::Manifest
1.95 Text::Balanced
1.37 URI
0.76 version
missing YAML
I've got good news and bad news.

The bad news is that I still can't reproduce this problem, it just works
fine for me. :-(
The good news is that I haven't written you a fix anyway. :-)

Apply this patch to /usr/lib/MailScanner/MailScanner/Message.pm
-----START-----
--- Message.pm.old 2010-05-28 08:56:37.000000000 +0100
+++ Message.pm 2010-05-28 09:09:26.000000000 +0100
@@ -2504,8 +2504,8 @@
# Set the owner and group on all the extracted files
# JKF 20100211 chown $workarea->{uid}, $workarea->{gid}, map {
m/(.*)/ } grep { -f } glob "$explodeinto/* $explodeinto/.*"
# JKF 20100211 if $workarea->{changeowner};
+ my($tmplist1,@tmplist);
if ($workarea->{changeowner}) {
- my($tmplist1,@tmplist);
foreach $tmplist1 (glob "$explodeinto/* $explodeinto/.*") {
$tmplist1 =~ /(.*)/;
$tmplist1 = $1;
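Review bot: Hoisting `my($tmplist1,@tmplist);` above the `if` makes the list visible to the chmod added later in the patch, but the loop that fills it still sits inside `if ($workarea->{changeowner})`, so with `changeowner` off the list stays empty and the permission fix silently does nothing. Build the list unconditionally and keep only the `chown` inside the `if`. The glob `$explodeinto/* $explodeinto/.*` also matches `.` and `..` and any sub-directory, so unless entries are filtered (the commented-out 20100211 line used `grep { -f }`), directories will receive the file mode as well.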
@@ -2513,6 +2513,12 @@
}
chown $workarea->{uid}, $workarea->{gid}, @tmplist if @tmplist;
}
+ # JKF 20100528 Now set the perms on all the extracted files
+ my $workperms = MailScanner::Config::Value('workperms') || '0600';
+ # Make it octal with a leading zero if necessary
+ $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
+ $workperms = oct($workperms); # and back to decimal for chmod
+ chmod $workperms, @tmplist if @tmplist;
}

sub ListLeafEntities {
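Review bot: The normalisation on the `sprintf "0%lo"` line treats a value without a leading zero as a decimal number, so if `MailScanner::Config::Value('workperms')` can return the text `640`, it becomes the string `01200` and `chmod` applies mode 01200 rather than 0640. Validate the setting as three or four octal digits and pass that string to `oct()` directly, doing the `%lo` conversion only when the value is known to be an already-converted integer. The result of `chmod $workperms, @tmplist` is not checked either; comparing its return value (the number of files changed) with the size of `@tmplist` and logging a mismatch would show when extracted files were left unreadable for the scanner.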
-----END-----

Please let me know if this fixes the problem, it should do.

Jules.


On 27/05/2010 21:38, John Wil**** wrote:
> Le 27/05/2010 22:17, PSI Mailbag a écrit :
>> This appears to only affect zip files created by a Linux or Unix
>> variant (at least in my case). Windows zips work fine.
>
> That tallies with what I discovered while attempting to create a test
> case (as discussed with Julian off-list). In my case MacOSX zips were
> problematic but WinZip zips of the same file were fine; Julian tested
> the same and other MacOSX zips on his setup and everything worked
> perfectly.
>
> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.
>

Jules

On 27/05/2010 21:48, PSI Mailbag wrote:
>> There must be something else common to your setup and mine but not to
>> Julian's test box. Obvious culprits would seem to be perl itself (I
>> have
>> 5.8.8) and the Archive::Zip module (I have 1.30).
>>
>> John.
>>
>
>
> Hope this helps..
>
> # rpm -q postfix fsl-perl-Archive-Zip perl
> postfix-2.3.3-2.1.el5_2
> fsl-perl-Archive-Zip-1.24-1
> perl-5.8.8-27.el5
>
> # MailScanner -v
> Running on
> Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May
> 13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
> This is CentOS release 5.5 (Final)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.79.11
> Module versions are:
> 1.00 AnyDBM_File
> 1.24 Archive::Zip
>
You are running a much more recent version of Archive::Zip than the one
I distribute, which would explain why only a few people are seeing the
problem. I distribute 1.16 and this doesn't cause this problem to show
itself.

Anyway, please try my fix and let me know if it solves the problem for you.

Jules.

Jules

On 28/05/2010 09:11, Julian Field wrote:
> I've got good news and bad news.
>
> The bad news is that I still can't reproduce this problem, it just
> works fine for me. :-(
> The good news is that I haven't written you a fix anyway. :-)
Errr.... slight typo there :-)

Jules

On 28/05/2010 10:45, John Wil**** wrote:
> Le 28/05/2010 10:11, Julian Field a écrit :
>> Please let me know if this fixes the problem, it should do.
>
> Almost there. The files end up with the right perms (640 postfix
> clamav in my case) but the container directory is created as 640
> rather than 750, resulting in the error "Clamd::ERROR:: lstat()
> failed: Permission denied."
Sorry about that, you're absolutely right. Trivial fix. Find the line in
the patch that says
push @tmplist, $tmplist1;
and change it to
push @tmplist, $tmplist1 unless -d $tmplist1;

Then give it another go.

Jules

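The permission fix discussed in the messages above (the configured mode on extracted files, a searchable mode on the directory that holds them) can also be audited and applied from the shell. This is an added example, not MailScanner code and not part of the thread; the function names, the rule that derives 0750 from 0640, and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not MailScanner code. All function names are hypothetical.
# Usage: audit_tree /path/to/exploded/message 0640
#        fix_tree   /path/to/exploded/message 0640

# parse_mode STRING: accept a permission setting written as 3 or 4 octal
# digits ("640" or "0640") and print it as 4 digits. The digits are taken as
# octal text and never pass through a decimal number: decimal 640 is octal
# 1200, and decimal 600 is octal 1130, which is the mode shown on the
# extracted files in this thread.
parse_mode() {
    case "$1" in
        [0-7][0-7][0-7])      printf '0%s\n' "$1" ;;
        [0-7][0-7][0-7][0-7]) printf '%s\n' "$1" ;;
        *)                    return 1 ;;
    esac
}

# dir_mode MODE: derive a directory mode from a file mode by adding the
# search (x) bit wherever the read bit is set, so 0640 becomes 0750.
# Setuid, setgid and sticky bits are dropped. This rule is an assumption.
dir_mode() {
    dm_rest=$(parse_mode "$1") || return 1
    dm_rest=${dm_rest#?}                      # drop the special-bits digit
    dm_out=0
    while [ -n "$dm_rest" ]; do
        dm_digit=${dm_rest%"${dm_rest#?}"}    # first remaining digit
        dm_rest=${dm_rest#?}
        if [ $((dm_digit & 4)) -ne 0 ]; then
            dm_digit=$((dm_digit | 1))
        fi
        dm_out="$dm_out$dm_digit"
    done
    printf '%s\n' "$dm_out"
}

# audit_tree DIR MODE: print every regular file under DIR whose mode is not
# exactly MODE and every directory whose mode is not the derived directory
# mode. Symbolic links are neither followed nor reported.
audit_tree() {
    at_f=$(parse_mode "$2") || return 1
    at_d=$(dir_mode "$at_f")
    find "$1" \( \( -type f ! -perm "$at_f" \) -o \
                 \( -type d ! -perm "$at_d" \) \) -print
}

# fix_tree DIR MODE: give directories the derived mode and regular files
# MODE. Directories go first and one at a time, so a directory created
# without its search bit is usable before find descends into it.
fix_tree() {
    ft_f=$(parse_mode "$2") || { echo "invalid mode: $2" >&2; return 1; }
    ft_d=$(dir_mode "$ft_f")
    find "$1" -type d -exec chmod "$ft_d" {} \; &&
    find "$1" -type f -exec chmod "$ft_f" {} +
}

# mode_string PATH: the ten-character type and permission field of ls -l.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# make_sample_tree: build a constructed work directory that mimics the
# thread: one extracted file with mode 1130 and one directory that was
# given the file mode 0640. Prints the path of the message directory.
make_sample_tree() {
    st_dir=$(mktemp -d) || return 1
    mkdir "$st_dir/msg" "$st_dir/msg/sub" &&
    : > "$st_dir/msg/zDSC02393.jpg" &&
    chmod 1130 "$st_dir/msg/zDSC02393.jpg" &&
    chmod 0640 "$st_dir/msg/sub" &&
    printf '%s\n' "$st_dir/msg"
}
```

Run `audit_tree` first and review its output before `fix_tree`, since `fix_tree` changes every regular file and directory under the path it is given.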
On 28/05/2010 11:58, John Wil**** wrote:
> Le 28/05/2010 12:34, Julian Field a écrit :
>> Sorry about that, you're absolutely right. Trivial fix. Find the line in
> ...
>> Then give it another go.
>
> Perfect, thanks Julian.
>
> I guess the "culprit" was this change to Archive::Zip
>
>> 1.24 Sun 23 Aug 2008 - Adam Kennedy
>> * Incorrect file permissions after extraction.
>> * Archive-Zip did not set the file permissions correctly in
>> extractToFileNamed().
>
> Can we assume that you'll be posting a new beta (and possibly
> incorporating a slightly less antediluvian version of Archive::Zip in
> your packages)?
I have updated to Archive::Zip 1.30 and added a new dependency on
Compress::Raw::Zlib 2.027 for it.

I will release a new beta very soon with luck, there's just a bunch of
checking of other stuff that has to be done first. So if you can run
with the patch for a day or two, that would be great.

Glad we finally got the problem solved though! :-)

Jules


  #20  
28-05-2010 11:39 PM
MailScanner member admin is online now
User
 

The "No programs allowed" error occurs in filetype.rules.conf and
archives.filetype.rules.conf, so that is where you need to allow them.
Basically you're probably going to have to comment out the "No programs
allowed" rule in archives.filetype.rules.conf.
The other option is to use the MIME type reporting (the optional extra
field in each line, read the docs at the top of the file), and find out
what a "file -i" reports for one of those odttf files, and allow that
instead. That way you can keep the "No programs allowed" line as well,
just put your new "allow" line above it.

Hope that helps!

Jules.

On 17/05/2010 17:30, Brett Moss wrote:
> Hello,
> This appears to be a new problem for me.
> I am seeing emails with .docx files attached tagged as a bad filename with this message.
>
> Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> Report: MailScanner: No programs allowed (font10.odttf)
> Report: MailScanner: No programs allowed (font10.odttf)
>
> I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
>
> I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
>
> The .odttf files live a few dirs down
> file.docx-->word-->fonts-->fontx.odttf
>
> Thank you,
> Brett
>
>
>
>

Jules

> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as
> a bad filename with this message.
> >
> > Quarantine:
> /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >      Report: MailScanner: No programs
> allowed (font10.odttf)
> >
> > I tried to add a line to the
> archives.filename.rules.conf to allow the .odttf, but that
> did not seem to work.
> >
> > I did not find anything with google for "mailscanner
> and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
> >
> >
> >   
>
> Jules
>



> well, just put your new "allow" line above it.
>

-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




ignore my last email



-----Original Message-----
Sent: Tuesday, May 18, 2010 4:02 PM
Subject: Re: docx problems




> The "No programs allowed" error
> occurs in filetype.rules.conf and
> archives.filetype.rules.conf, so that is where you need to
> allow them.
> Basically you're probably going to have to comment out the
> "No programs allowed" rule in archives.filetype.rules.conf.
> The other option is to use the MIME type reporting (the
> optional extra field in each line, read the docs at the top
> of the file), and find out what a "file -i" reports for one
> of those odttf files, and allow that instead. That way you
> can keep the "No programs allowed" line as well, just put
> your new "allow" line above it.
>
> Hope that helps!
>
> Jules.
>

Hello Jules,
I must be doing something wrong.
The results of a file -i are

file -i font10.odttf
font10.odttf: application/octet-stream

So, I placed the following line in both the archives.filetype.rules.conf and filetype.rules.conf above the line
deny executable No executables No programs allowed

allow - application/octet-stream - -

All spaces are tabs. I restarted MailScanner and the message is still blocked.

>From what I saw in the archives, the format looks correct, but obviously it is not. Any suggestions please?

Thank you,
Brett

> On 17/05/2010 17:30, Brett Moss wrote:
> > Hello,
> > This appears to be a new problem for me.
> > I am seeing emails with .docx files attached tagged as a bad filename with this message.
> >
> > Quarantine: /var/spool/MailScanner/quarantine/20100517/o4HG7hpC008615
> >      Report: MailScanner: No programs allowed (font10.odttf)
> >      Report: MailScanner: No programs allowed (font10.odttf)
> >
> > I tried to add a line to the archives.filename.rules.conf to allow the .odttf, but that did not seem to work.
> >
> > I did not find anything with google for "mailscanner and odttf", but I can't imagine this is new.
> >
> > The .odttf files live a few dirs down
> > file.docx-->word-->fonts-->fontx.odttf
> >
> > Thank you,
> > Brett
> >
>
> Jules
>
)
On 19/05/2010 06:56, John Wil**** wrote:
> Le 18/05/2010 13:18, Julian Field a écrit :
>> The "No programs allowed" error occurs in filetype.rules.conf and
>> archives.filetype.rules.conf, so that is where you need to allow them.
>> Basically you're probably going to have to comment out the "No programs
>> allowed" rule in archives.filetype.rules.conf.
>> The other option is to use the MIME type reporting (the optional extra
>> field in each line, read the docs at the top of the file), and find out
>> what a "file -i" reports for one of those odttf files, and allow that
>> instead. That way you can keep the "No programs allowed" line as well,
>> just put your new "allow" line above it.
>
> I've been seeing similar problems to the OP with various file types
> inside archives, but I've also noticed Clamd::ERROR:: Access denied.
> messages in the logs despite using 4.80.4. I haven't had time to
> investigate in detail, but I suspect that the "No programs allowed" is
> just a symptom of a problem similar to the one you fixed for Access
> denied on --lint with clamd 0.96.
I can't find this one :-(
All the permissions on files within archives are correct for clamd.
The perms fix in 4.80.4 only affected --lint as that was the only place
it was wrong.

The "No programs allowed" is totally separate from anything to do with
Clamd.

What MTA are you using?

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

)
What are your
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions =

and what virus scanners are you using?

Thanks,
Jules.

On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.80.4
> Module versions are:
> 1.00 AnyDBM_File
> 1.30 Archive::Zip
> 0.17 bignum
> 1.04 Carp
> 2.021 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.22 File::Temp
> 0.92 Filesys::Df
> 3.64 HTML::Entities
> 3.64 HTML::Parser
> 3.57 HTML::TokeParser
> 1.25 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.06 Mail::Header
> 1.77 Math::BigInt
> 0.15 Math::BigRat
> 3.08 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.08 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.07 Pod::Simple
> 1.09 POSIX
> 1.21 Scalar::Util
> 1.78 Socket
> 2.20 Storable
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.42 Test::Pod
> 0.94 Test::Simple
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.54 Archive::Tar
> 0.17 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82 DB_File
> 1.14 DBD::SQLite
> 1.609 DBI
> 1.16 Digest
> 1.01 Digest::HMAC
> 2.39 Digest::MD5
> 2.12 Digest::SHA1
> 1.01 Encode::Detect
> 0.17016 Error
> 0.2603 ExtUtils::CBuilder
> 2.2203 ExtUtils::Par****S
> 2.38 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> 2.23 IP::Country
> missing Mail::ClamAV
> 3.003001 Mail::SpamAssassin
> v2.007 Mail::SPF
> missing Mail::SPF::Query
> 0.340201 Module::Build
> 0.20 Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.028 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 3.17 Test::Harness
> missing Test::Manifest
> 2.0.0 Text::Balanced
> 1.38 URI
> 0.7702 version
> 0.71 YAML
>
>
> John.
>

Jules

)
On 21/05/2010 12:04, John Wil**** wrote:
> Le 21/05/2010 12:43, Julian Field a écrit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
Thanks for that lot. Is "apache" a member of the "clamav" group in
/etc/group or anything like that?

Jules

)
I still can't find the problem. All the files extracted from any zips
are created with the correct permissions. I really can't see what can be
going wrong :-(

On 21/05/2010 12:04, John Wil**** wrote:
> Le 21/05/2010 12:43, Julian Field a écrit :
>> What are your
>> Incoming Work User =
>> Incoming Work Group =
>> Incoming Work Permissions =
>>
>> and what virus scanners are you using?
>
> Incoming Work User =
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> Virus Scanners = clamd
>
> (and, although you didn't ask, but as it is interrelated with Incoming
> Work User/Group)
>
> Run As User = postfix
> Run As Group = apache
>
> John.
>

Jules

)
On 21/05/2010 10:45, John Wil**** wrote:
> Le 21/05/2010 11:30, Julian Field a écrit :
>> All the permissions on files within archives are correct for clamd.
>> The perms fix in 4.80.4 only affected --lint as that was the only place
>> it was wrong.
>>
>> The "No programs allowed" is totally separate from anything to do with
>> Clamd.
>
> That's what I would have thought, but I'm getting clamd access denied
> messages for exactly the same files that are being reported as "No
> programs allowed", so thought it was worth mentioning.
If you can give me a message that re-creates the problem, that would be
great, as I just can't find it.
>
>> What MTA are you using?
>
> Postfix 2.6.5, with clamav 0.96, perl 5.8 on gentoo. Perl module
> versions listed below.
>
> If you want access to one of my boxes, let me know offlist.
>
>
>
> John.
>

Jules

)
> I still can't find the problem. All the files extracted from any zips
> are created with the correct permissions. I really can't see what can
> be going wrong :-(

Hey folks,

I updated to 4.79.11 on the weekend and I'm running into a similar
problem. Files extracted from zips are being set with wonky
permissions, despite what's defined in MailScanner.conf. As a result,
Clamd can't scan them, and MailScanner can't delete the files from the
incoming folder as it removed its own write permissions, so they just
get repeatedly scanned and error out until I erase them. For some odd
reason, the files are being created as 1130.

I'm also running into the 'No programs allowed' error with JPGs within
zip files, even though running 'file' on the files directly in the
incoming folder doesn't return anything that's matched by one of the
denies.


(permissions on files attached directly in messages)
# find /var/spool/MailScanner/incoming -ls
12073626 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage001.jpg
12073624 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002-1.jpg
12073622 8 -rw-r----- 1 postfix clamav 5416 May 27 14:31 /var/spool/MailScanner/incoming/27898/61F3A746506.00000/nimage002.jpg


(permissions on files extracted from zips)
# find /var/spool/MailScanner/incoming -ls
12124279 16 ---x-wx--T 1 postfix clamav 13699 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02393.jpg
12124278 4 ---x-wx--T 1 postfix clamav 82 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02392.jpg
12124277 20 ---x-wx--T 1 postfix clamav 18810 May 27 11:30 /var/spool/MailScanner/incoming/28979/8C274746532.00000/zDSC02392.jpg
12124276 4 ---x-wx--T 1 postfix clamav 82 May 27 11:29 /var/spool/MailScanner/incoming/28979/8C274746532.00000/z._DSC02391.jpg


Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Run As User = postfix
Run As Group = postfix

MTA is Postfix 2.3.3; OS is CentOS 5.5, using the MailScanner gold RPM
repo.

Thanks,
-Joshua
)
Hey Jules,

I found some more details for you. This appears to only affect zip
files created by a Linux or Unix variant (at least in my case). Windows
zips work fine. Here's a zip file with the MS logo, which triggers this
bug on my version: http://joshua.ca/ms.zip



$ zipinfo ms.zip
Archive: ms.zip 13548 bytes 1 file
-rw-rw-r-- 2.3 unx 22599 bx defX 1-May-06 21:26 mailscanner_logo.jpg
1 file, 22599 bytes uncompressed, 13376 bytes compressed: 40.8%

# find /var/spool/MailScanner/incoming -name "*mailscanner_logo*" -ls
12568744 24 ---x-wx--T 1 postfix clamav 22599 May 1 2006 /var/spool/MailScanner/incoming/28462/711EB74654C.00000/zmailscanner_logo.jpg

May 27 16:10:19 psimf001 MailScanner[28462]: Filetype Checks: No executables (711EB74654C.00000 )
May 27 16:10:19 psimf001 MailScanner[28462]: Clamd::ERROR:: Access denied. ERROR :: ./711EB74654C.00000/zmailscanner_logo.jpg

Quarantine: /var/data/MailStore/partnersolutions.ca, /var/data/quarantine/20100527/711EB74654C.00000
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)
Report: MailScanner: No programs allowed (exec) (mailscanner_logo.jpg)


Cheers,
-Joshua
)
Also... your "No programs allowed" error is a by-product of the
permissions problem:

$ file ms.zip
ms.zip: Zip archive data, at least v2.0 to extract
$ chmod 1130 ms.zip
$ ls -l ms.zip
---x-wx--T 1 hirshj hirshj 13548 May 27 16:30 ms.zip
$ file ms.zip
ms.zip: sticky writable, executable, regular file, no read permission

Cheers,
-Joshua
)
> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.



Hope this helps..

# rpm -q postfix fsl-perl-Archive-Zip perl
postfix-2.3.3-2.1.el5_2
fsl-perl-Archive-Zip-1.24-1
perl-5.8.8-27.el5

# MailScanner -v
Running on
Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May 13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
This is CentOS release 5.5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.79.11
Module versions are:
1.00 AnyDBM_File
1.24 Archive::Zip
0.17 bignum
1.04 Carp
2.015 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.121_08 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
2.04 File::Path
0.20 File::Temp
0.92 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.15 Math::BigRat
3.07 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.07 MIME::QuotedPrint
5.427 MIME::Tools
0.11 Net::CIDR
1.25 Net::IP
0.16 OLE::Storage_Lite
missing Pod::Escapes
missing Pod::Simple
1.09 POSIX
1.19 Scalar::Util
1.78 Socket
2.18 Storable
1.4 Sys::Hostname::Long
0.26 Sys::Syslog
missing Test::Pod
0.62 Test::Simple
1.9715 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.38 Archive::Tar
0.17 bignum
missing Business::ISBN
missing Business::ISBN::Data
1.11 Data::Dump
1.817 DB_File
1.14 DBD::SQLite
1.607 DBI
1.14 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.11 Digest::SHA1
1.01 Encode::Detect
0.17015 Error
missing ExtUtils::CBuilder
missing ExtUtils::Par****S
2.37 Getopt::Long
0.44 Inline
missing IO::String
1.09 IO::Zlib
2.25 IP::Country
missing Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.63 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
4.007 NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.56 Test::Harness
missing Test::Manifest
1.95 Text::Balanced
1.37 URI
0.76 version
missing YAML
)
I've got good news and bad news.

The bad news is that I still can't reproduce this problem, it just works
fine for me. :-(
The good news is that I haven't written you a fix anyway. :-)

Apply this patch to /usr/lib/MailScanner/MailScanner/Message.pm
-----START-----
--- Message.pm.old 2010-05-28 08:56:37.000000000 +0100
+++ Message.pm 2010-05-28 09:09:26.000000000 +0100
@@ -2504,8 +2504,8 @@
# Set the owner and group on all the extracted files
# JKF 20100211 chown $workarea->{uid}, $workarea->{gid}, map {
m/(.*)/ } grep { -f } glob "$explodeinto/* $explodeinto/.*"
# JKF 20100211 if $workarea->{changeowner};
+ my($tmplist1,@tmplist);
if ($workarea->{changeowner}) {
- my($tmplist1,@tmplist);
foreach $tmplist1 (glob "$explodeinto/* $explodeinto/.*") {
$tmplist1 =~ /(.*)/;
$tmplist1 = $1;
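Review bot: hoisting `my($tmplist1,@tmplist);` above `if ($workarea->{changeowner})` makes the list visible to later code, but the `foreach` over `glob "$explodeinto/* $explodeinto/.*"` that fills it is still inside that `if`. When `changeowner` is false, `@tmplist` stays empty, so any later statement guarded by `if @tmplist` is silently skipped. If the list is meant to drive more than the `chown`, build it before the `if` and keep only the `chown` conditional.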
@@ -2513,6 +2513,12 @@
}
chown $workarea->{uid}, $workarea->{gid}, @tmplist if @tmplist;
}
+ # JKF 20100528 Now set the perms on all the extracted files
+ my $workperms = MailScanner::Config::Value('workperms') || '0600';
+ # Make it octal with a leading zero if necessary
+ $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
+ $workperms = oct($workperms); # and back to decimal for chmod
+ chmod $workperms, @tmplist if @tmplist;
}

sub ListLeafEntities {
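Review bot: `chmod $workperms, @tmplist` applies a file mode to every entry collected from `glob "$explodeinto/* $explodeinto/.*"`, and that pattern also matches directories, including `.` and `..`. Unless the lines elided between the two hunks filter them out, a directory given a mode such as 0640 loses its search bit and nothing beneath it can be reached; the commented-out JKF 20100211 line used `grep { -f }`, and the same test belongs here. Two smaller points: when the value has no leading zero, `sprintf "0%lo"` treats it as a decimal number, so the digits 640 would become 01200 rather than 0640, which deserves a comment stating which form `MailScanner::Config::Value('workperms')` returns; and the return value of `chmod` is not checked, so a failed mode change goes unlogged.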
-----END-----

Please let me know if this fixes the problem, it should do.

Jules.


On 27/05/2010 21:38, John Wil**** wrote:
> Le 27/05/2010 22:17, PSI Mailbag a écrit :
>> This appears to only affect zip files created by a Linux or Unix
>> variant (at least in my case). Windows zips work fine.
>
> That tallies with what I discovered while attempting to create a test
> case (as discussed with Julian off-list). In my case MacOSX zips were
> problematic but WinZip zips of the same file were fine; Julian tested
> the same and other MacOSX zips on his setup and everything worked
> perfectly.
>
> There must be something else common to your setup and mine but not to
> Julian's test box. Obvious culprits would seem to be perl itself (I
> have 5.8.8) and the Archive::Zip module (I have 1.30).
>
> John.
>

Jules

)
On 27/05/2010 21:48, PSI Mailbag wrote:
>> There must be something else common to your setup and mine but not to
>> Julian's test box. Obvious culprits would seem to be perl itself (I
>> have 5.8.8) and the Archive::Zip module (I have 1.30).
>>
>> John.
>>
>
>
> Hope this helps..
>
> # rpm -q postfix fsl-perl-Archive-Zip perl
> postfix-2.3.3-2.1.el5_2
> fsl-perl-Archive-Zip-1.24-1
> perl-5.8.8-27.el5
>
> # MailScanner -v
> Running on
> Linux psimf001.partnersolutions.ca 2.6.18-194.3.1.el5PAE #1 SMP Thu May 13 13:48:44 EDT 2010 i686 athlon i386 GNU/Linux
> This is CentOS release 5.5 (Final)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.79.11
> Module versions are:
> 1.00 AnyDBM_File
> 1.24 Archive::Zip
>
You are running a much more recent version of Archive::Zip than the one
I distribute, which would explain why only a few people are seeing the
problem. I distribute 1.16 and this doesn't cause this problem to show
itself.

Anyway, please try my fix and let me know if it solves the problem for you.

Jules.

Jules

)
On 28/05/2010 09:11, Julian Field wrote:
> I've got good news and bad news.
>
> The bad news is that I still can't reproduce this problem, it just
> works fine for me. :-(
> The good news is that I haven't written you a fix anyway. :-)
Errr.... slight typo there :-)

Jules

)
On 28/05/2010 10:45, John Wil**** wrote:
> Le 28/05/2010 10:11, Julian Field a écrit :
>> Please let me know if this fixes the problem, it should do.
>
> Almost there. The files end up with the right perms (640 postfix
> clamav in my case) but the container directory is created as 640
> rather than 750, resulting in the error "Clamd::ERROR:: lstat()
> failed: Permission denied."
Sorry about that, you're absolutely right. Trivial fix. Find the line in
the patch that says
push @tmplist, $tmplist1;
and change it to
push @tmplist, $tmplist1 unless -d $tmplist1;

Then give it another go.

Jules

)
On 28/05/2010 11:58, John Wil**** wrote:
> Le 28/05/2010 12:34, Julian Field a écrit :
>> Sorry about that, you're absolutely right. Trivial fix. Find the line in
> ...
>> Then give it another go.
>
> Perfect, thanks Julian.
>
> I guess the "culprit" was this change to Archive::Zip
>
>> 1.24 Sun 23 Aug 2008 - Adam Kennedy
>> * Incorrect file permissions after extraction.
>> * Archive-Zip did not set the file permissions correctly in
>> extractToFileNamed().
>
> Can we assume that you'll be posting a new beta (and possibly
> incorporating a slightly less antediluvian version of Archive::Zip in
> your packages)?
I have updated to Archive::Zip 1.30 and added a new dependency on
Compress::Raw::Zlib 2.027 for it.

I will release a new beta very soon with luck, there's just a bunch of
checking of other stuff that has to be done first. So if you can run
with the patch for a day or two, that would be great.

Glad we finally got the problem solved though! :-)

Jules
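
The failure and the fix this thread arrives at, as an added Python sketch (not MailScanner's code, which is Perl, and not written by any poster): a zip made on Unix stores a mode for each entry, an extractor that restores those modes can hand the scanner files it cannot read, and the repair is to force the configured work permissions onto regular files while leaving directories alone. The function names, the sample entries and the rule that the setting's digits are always read as octal are assumptions of this example.

```python
import os
import stat
import tempfile
import zipfile

# Constructed sample entries: (name, Unix mode stored in the archive).
# 0o664 is the mode zipinfo shows for ms.zip in the thread; 0o200 is a
# constructed write-only mode standing in for any sender-chosen value.
SAMPLE_ENTRIES = (("mailscanner_logo.jpg", 0o664), ("fonts/font10.odttf", 0o200))


def parse_work_perms(value, default=0o600):
    """Read a permissions setting such as '0640' or '640' as octal digits."""
    text = "" if value is None else str(value).strip()
    if not text:
        return default
    if any(ch not in "01234567" for ch in text):
        raise ValueError("not an octal mode: %r" % text)
    mode = int(text, 8)
    if mode > 0o777:
        raise ValueError("refusing setuid/setgid/sticky bits: %r" % text)
    return mode


def build_unix_zip(path):
    """Write a zip whose entries carry Unix modes, as a Linux or Mac zip does."""
    with zipfile.ZipFile(path, "w") as zf:
        for name, mode in SAMPLE_ENTRIES:
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # 3 = Unix: upper 16 bits hold st_mode
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, b"constructed sample data")


def extract_with_stored_modes(zip_path, dest):
    """Extract, then apply each entry's stored mode, as a permission-restoring
    extractor would. Python's own extractall() does not restore modes."""
    with zipfile.ZipFile(zip_path) as zf:
        zf.extractall(dest)
        for info in zf.infolist():
            stored = (info.external_attr >> 16) & 0o7777
            os.chmod(os.path.join(dest, info.filename), stored)


def normalise_files(root, file_mode):
    """Force every regular file under root to file_mode; leave directories
    alone so they keep the search (x) bit the scanner needs."""
    changed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            os.chmod(path, file_mode)
            changed.append(os.path.relpath(path, root))
    return sorted(changed)


def mode_of(path):
    """Permission bits of path, without following symlinks."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def listing(mode):
    """The ls-style string for a regular file with the given mode integer."""
    return stat.filemode(stat.S_IFREG | mode)


def demo():
    work_perms = parse_work_perms("0640")  # Incoming Work Permissions = 0640
    with tempfile.TemporaryDirectory() as tmp:
        zip_path = os.path.join(tmp, "sample.zip")
        dest = os.path.join(tmp, "explode")
        os.mkdir(dest)
        build_unix_zip(zip_path)
        extract_with_stored_modes(zip_path, dest)
        os.chmod(os.path.join(dest, "fonts"), 0o750)  # known starting state
        names = [name for name, _mode in SAMPLE_ENTRIES]
        before = {n: mode_of(os.path.join(dest, n)) for n in names}
        normalise_files(dest, work_perms)
        after = {n: mode_of(os.path.join(dest, n)) for n in names}
        dir_mode = mode_of(os.path.join(dest, "fonts"))
    return before, after, dir_mode


if __name__ == "__main__":
    before, after, dir_mode = demo()
    for name in before:
        print("%-22s %04o -> %04o" % (name, before[name], after[name]))
    print("fonts/ stays %04o" % dir_mode)
    print(listing(600))  # the mode written as a decimal integer
```

`listing(600)` gives `---x-wx--T`: decimal 600 is octal 1130, the mode shown in the listings earlier in the thread, although the thread does not establish that this is where 1130 came from.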

)
on 5-28-2010 1:26 AM Julian Field spake the following:
>
>
> On 28/05/2010 09:11, Julian Field wrote:
>> I've got good news and bad news.
>>
>> The bad news is that I still can't reproduce this problem, it just
>> works fine for me. :-(
>> The good news is that I haven't written you a fix anyway. :-)
> Errr.... slight typo there :-)
>
> Jules
>
Isn't it amazing when you can read something a dozen times, and not see the
typos until you hit "send"? And then suddenly there they are!

)




