使用者工具

網站工具


tech:mailscannertips

MailScanner 技巧整理

- 正常信件出現內容誤判病毒

  • 當 UTF-8 編碼的信件出現 Warning: E-mail viruses detected
    Our e-mail content detector has just been triggered by a message you sent:
      To: [email protected]
      Subject: 2.UTF-8???????
      Date: Sun Oct 10 16:46:37 2010
    
    One or more of the attachments (msg-20952-4.txt) are on
    the list of unacceptable attachments for this site and will not have
    been delivered.
    
    Consider renaming the files to avoid this constraint.
    
    The virus detector said this about the message:
    Report: Report: MailScanner: No programs allowed (msg-20952-4.txt)
    
    
    -- MailScanner Email Virus Scanner Trysoft Corp. www.ichiayi.com For all your IT requirements visit: http://www.transtec.co.uk 
  • 需要更改 /etc/MailScanner/filetype.rules.conf 將 deny executable 前面加上# 重新啟動 MailScanner
    :
    deny    self-extract    No self-extracting archives     No self-extracting archives allowed
    #deny   executable      No executables          No programs allowed
    #EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS programs allowed
    :

- 設定信任 IP 網址避免內容出現警告釣魚網站訊息

  • 假設信任的 SMTP IP 網址為
    • 192.168.11.xx
  • 假設信任的 URL IP 網址為
    • 140.92.140.88
  • 編輯 /etc/MailScanner/MailScanner.conf
    :
    #Also Find Numeric Phishing = yes
    Also Find Numeric Phishing = %rules-dir%/phishing.rules
    :
    Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
    :
  • 編輯 /etc/MailScanner/rules/phishing.rules
    # Trust SMTP subnets
    From:   192.168.11.        no
    
    FromOrTo:       default yes
  • 編輯 /etc/MailScanner/phishing.safe.sites.conf
    :
    :
    140.92.140.88

    自動更新後仍然會保留自己加入的部份.

  • 重新載入 MailScanner 設定
    service MailScanner reload

- 設定對 Outlook 所產生無法剖析的 winmail.dat 放行

  • 這樣的設定, 要承擔當 winmail.dat 是病毒的風險問題
  • 也可以選擇關閉 outlook 產生 winmail.dat 的設定, 點這裡參考微軟的官方說明
  • 編輯 /etc/MailScanner/MailScanner.conf
    :
    # When the TNEF (winmail.dat) attachments are expanded, should the
    # attachments contained in there be added to the list of attachments in
    # the message?
    # If you set this to "add" or "replace" then recipients of messages sent
    # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments
    # if they are not using Microsoft Outlook.
    #
    # no      => Leave winmail.dat TNEF attachments alone.
    # add     => Add the contents of winmail.dat as extra attachments, but also
    #            still include the winmail.dat file itself. This will result in
    #            TNEF messages being doubled in size.
    # replace => Replace the winmail.dat TNEF attachment with the files it
    #            contains, and delete the original winmail.dat file itself.
    #            This means the message stays the same size, but is usable by
    #            non-Outlook recipients.
    #
    # This can also be the filename of a ruleset.
    Use TNEF Contents = replace
    
    # Some versions of Microsoft Outlook generate unparsable Rich Text
    # format attachments. Do we want to deliver these bad attachments anyway?
    # Setting this to yes introduces the slight risk of a virus getting through,
    # but if you have a lot of troubled Outlook users you might need to do this.
    # We are working on a replacement for the TNEF decoder.
    # This can also be the filename of a ruleset.
    Deliver Unparsable TNEF = yes
    :
  • 重新載入 MailScanner 設定
    service MailScanner reload

參考資料

tech/mailscannertips.txt · 上一次變更: 2012/05/14 17:23 由 jonathan