Actually my problem wasnt just exe file. No I didnt reinvent wheel :) How will you block *all* Videos, Audio, Binary ?
I have never seen it working like mentioned documentation say. Answer to yours "another question"Detect real mime type and decide whenever you block it or not... regardless mime declaration.
Its also wise to check if detected type match declared type.When QS block something due to policy, it usually stay at .../qscand/quarantine/policy/new It may also notify sender, recipient or both. Its pitty it doesnt use SA_FORWARD for policy quarantine.
Please post output from your qmail-queue.log if you believe, that QS misbehave.
cheers Tomas On 03/23/2011 05:06 PM, Ethy H. Brito wrote:
On Wed, 23 Mar 2011 16:46:41 +0100 Tomas Charvat<t...@excello.cz> wrote:Did you i got right, that you are trying to detect renamed extension by its extension ? ummm... sounds like mission impossible to me.I am not reinventing the wheel. from qmail-scanner home page: windows executable attachments that aren't marked as being of MIME type "application/....." are blocked (e.g. renaming notepade.exe to notepade.gif and sending it as a GIF attachment would be quarantined, as Qmail-Scanner would realise it's an executable pretending to be something else). Hmmm. That lead to another question. What if I rename notepad.exe to notepad.txt and attached it as an "application/octet-stream" and .exe SIZE=-1 EXE files not allowed per Company security policy is on quarantine-events??? What should QS do?? Block it or deliver it? In my setup, it is delivering it and IMHO it shouldn´t. Regards Ethy ------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
