I have an Anomy filter defanging attachments on my mail. Problem is that
there is an accountant firm that keeps sending Outlook mail (RTF) that
is identified as winmail.dat.
I do not want to drop these mails though they get defanged by my
configuration.
Here is my config (for file dropping):
file_list_1 = (?i)(winmail\.dat
file_list_1 += |\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
file_list_1_policy = drop
file_list_1_scanner = 0
I found this in the manual:
It is rather important to block Microsoft application/ms-tnef files,
which are usually named "winmail.dat". The TNEF encoding is currently
not understood by the sanitizer, which means it can easily be used to
smuggle malicious attachments past the sanitizer unless it is blocked.
But the problem is when I need to let these through... what then?
Best regards
Stian B. Barmen