MailScanner 技巧整理
- 正常信件出現內容誤判病毒
- 當 UTF-8 編碼的信件出現 Warning: E-mail viruses detected
Our e-mail content detector has just been triggered by a message you sent: To: [email protected] Subject: 2.UTF-8??????? Date: Sun Oct 10 16:46:37 2010 One or more of the attachments (msg-20952-4.txt) are on the list of unacceptable attachments for this site and will not have been delivered. Consider renaming the files to avoid this constraint. The virus detector said this about the message: Report: Report: MailScanner: No programs allowed (msg-20952-4.txt) -- MailScanner Email Virus Scanner Trysoft Corp. www.ichiayi.com For all your IT requirements visit: http://www.transtec.co.uk
- 需要更改 /etc/MailScanner/filetype.rules.conf 將 deny executable 前面加上# 重新啟動 MailScanner
: deny self-extract No self-extracting archives No self-extracting archives allowed #deny executable No executables No programs allowed #EXAMPLE: deny - x-dosexec No DOS executables No DOS programs allowed :
- 設定信任 IP 網址避免內容出現警告釣魚網站訊息
- 假設信任的 SMTP IP 網址為
- 192.168.11.xx
- 假設信任的 URL IP 網址為
- 140.92.140.88
- 編輯 /etc/MailScanner/MailScanner.conf
: #Also Find Numeric Phishing = yes Also Find Numeric Phishing = %rules-dir%/phishing.rules : Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf :
- 編輯 /etc/MailScanner/rules/phishing.rules
# Trust SMTP subnets From: 192.168.11. no FromOrTo: default yes
- 編輯 /etc/MailScanner/phishing.safe.sites.conf
: : 140.92.140.88
自動更新後仍然會保留自己加入的部份.
- 重新載入 MailScanner 設定
service MailScanner reload
- 設定對 Outlook 所產生無法剖析的 winmail.dat 放行
- 這樣的設定, 要承擔當 winmail.dat 是病毒的風險問題
- 也可以選擇關閉 outlook 產生 winmail.dat 的設定, 點這裡參考微軟的官方說明
- 編輯 /etc/MailScanner/MailScanner.conf
: # When the TNEF (winmail.dat) attachments are expanded, should the # attachments contained in there be added to the list of attachments in # the message? # If you set this to "add" or "replace" then recipients of messages sent # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # if they are not using Microsoft Outlook. # # no => Leave winmail.dat TNEF attachments alone. # add => Add the contents of winmail.dat as extra attachments, but also # still include the winmail.dat file itself. This will result in # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it # contains, and delete the original winmail.dat file itself. # This means the message stays the same size, but is usable by # non-Outlook recipients. # # This can also be the filename of a ruleset. Use TNEF Contents = replace # Some versions of Microsoft Outlook generate unparsable Rich Text # format attachments. Do we want to deliver these bad attachments anyway? # Setting this to yes introduces the slight risk of a virus getting through, # but if you have a lot of troubled Outlook users you might need to do this. # We are working on a replacement for the TNEF decoder. # This can also be the filename of a ruleset. Deliver Unparsable TNEF = yes :
- 重新載入 MailScanner 設定
service MailScanner reload