115942@xyz.molar.is wrote:
> Greetings all - I've just joined the list as I need some help with this
> problem.
> I have 2 companies that Anomy is seeing the following - and then dropping
> the attachment -
>
> NOTE: An attachment named 115993@xyz.molar.is
> was deleted from this message because it contained a windows executableor
> other potentially dangerous file type.Contact the system administrator for
> more
> information.--0__=0ABBE4DDDFC6D8BB8f9e8a93df938690918c0ABBE4DDDFC6D8BB--
>
> The document in this message was a zipped up .doc file.
>
> I'm hoping someone else has seen this in their travels, and can give me
> some guidance.
This looks similar to the Content-ID issue we've been experiencing with
certain Mozilla mail users. Anomy is preferencing the Content-ID of the
message over the stated filename.
The author has stated he's aware of the problem, however I have yet to
see a real fix except for some pretty clever sanitizer.cfg hacks.
I've tried the following, with some success:
file_list_2_scanner = 0:19:12,13:/usr/local/bin/uvscan-sanitizer.sh
%FILENAME
file_list_2_policy = accept:save:drop:drop
file_list_2 = (?i)(.*\@.*\.com)$
-Rick
-- Rick Johnson, RHCE #807302311706007 - 115851@xyz.molar.is Linux/Network Administrator - Medata, Inc. PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc