rules no longer working

Posted: 07 Jun 2022, 11:57
by keat63
I've added a few file extensions to /usr/mailscanner/etc/filename.rules.conf
deny \.xls$
deny \.zip$

I've forced a rules update, I've stopped and restarted mailscanner, but these files are still allowed to pass.
I've copied rules from lines above and just modified the .xxx extension, but again, can't get this rule to work.

Any ideas please.

Re: rules no longer working

Posted: 07 Jun 2022, 12:14
by Sarah
Are you sure these files are being blocked because of their file name and not because of the file type? What is the message you are seeing in MailControl?

Have you ensured that you used [tab] characters between fields in the filename.rules.conf file and not spaces?

Re: rules no longer working

Posted: 07 Jun 2022, 12:43
by keat63
I've been trying all sorts this morning, and only just found that there may have been a space where there should have been a tab.
Considering I copied and modified a rule above, it can only make me think that one of the rules above has the error and I copied it.

Re: rules no longer working

Posted: 07 Jun 2022, 12:49
by Sarah
Is it working now?

Re: rules no longer working

Posted: 08 Jun 2022, 14:30
by keat63
I thought it was but still have a bit of an issue.

I'm denying xls files for the time being due to a virus attack.
But I want to allow xlsx.
However, xlsx are also being blocked.

Should the allow xlsx rule be placed maybe before the deny xls one?

Re: rules no longer working

Posted: 08 Jun 2022, 17:14
by Sarah
What exactly is the MailScanner report for the blocked xlsx files and the blocked xls files?

Re: rules no longer working

Posted: 10 Jun 2022, 17:10
by keat63
Infection MailScanner: (file_name.xls)
But if I scan the attachment, the file is actually an xlsx file.
It looks like the deny .xls rule picked up on the file extension containing xls, but my allow xlsx rule didn't.

Re: rules no longer working

Posted: 10 Jun 2022, 17:53
by Sarah
That isn't the complete report. But it sounds like it may be detecting the filetype rather than the filename, so you need to check that and possibly modify the filetype.rules.conf and/or archives.filetype.rules.conf as well. There is a knowledgebase article that should help you identify what is actually happening:
https://support.configserver.com/en/kno ... ailscanner

Re: rules no longer working

Posted: 13 Jun 2022, 13:30
by keat63
Quite clearly it isn't working, as a zip file got through today.
All the while I thought this rule was working, and it may just be that the virus was detected, so clamav blocked them, not mailscanner.
How would I go about blocking file types?

Re: rules no longer working

Posted: 13 Jun 2022, 16:59
by Sarah
You'd need to find out how the file command on your server classifies the type of file, and add it to the filetype.rules.conf and archives.filetype.rules.conf files in the correct format. Check those files for more information. As far as I know, you would need to run the "file" command against the file you want to block, and put the output from that as the filetype in the second field for your deny line in filetype.rules.conf and archives.filetype.rules.conf. From our knowledgebase article:
Also note that if it is a filetype check (rather than filename) that has blocked the file, but you don't think that it is correct (for example it has identified a text file as an executable), you need to look into the Linux file command and/or magic file on your server to fix this. This is not actually a MailScanner issue but an issue with the way the Linux file command has interpreted the file.
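
A small check for the two points raised in this thread, added here as an example and not taken from the posts or from MailScanner itself: it flags rule lines where a space, not a tab, separates the first two fields, and lists which well-formed filename patterns match a given attachment name. The sample rules, the four-field layout, the `#` comment handling and the function names are assumptions, and Python's `re` is assumed to treat these simple patterns the way MailScanner does.

```python
import re

# Constructed sample rules (not from the poster's server); "\t" is a real tab.
SAMPLE = "\n".join([
    "# action, pattern, log text, user report",
    "deny\t\\.zip$\tNo zip\tZip files are blocked",
    "deny \\.xls$\tNo xls\tOld Excel files are blocked",  # space, not tab
    "deny\t\\.xls$\tNo xls\tOld Excel files are blocked",
])

def parse(text):
    """Yield (line_number, fields) for each non-blank, non-comment line."""
    for num, line in enumerate(text.splitlines(), start=1):
        if line.strip() and not line.lstrip().startswith("#"):
            yield num, line.split("\t")

def lint(text):
    """Return (line_number, problem) pairs for lines with broken separators."""
    problems = []
    for num, fields in parse(text):
        if len(fields) < 2:
            problems.append((num, "no tab found"))
        elif " " in fields[0].strip():
            # Action and pattern ended up in one field: a space was typed.
            problems.append((num, "space between action and pattern"))
    return problems

def matching_rules(text, filename):
    """Return line numbers of well-formed rules whose pattern matches filename."""
    bad = {num for num, _ in lint(text)}
    return [num for num, fields in parse(text)
            if num not in bad and re.search(fields[1], filename)]

if __name__ == "__main__":
    print(lint(SAMPLE))
    for name in ("report.xls", "report.xlsx", "a.zip"):
        print(name, matching_rules(SAMPLE, name))
```

With the sample above, `\.xls$` matches `report.xls` but not `report.xlsx`, so an .xlsx attachment that is still blocked points at a filetype rule rather than the filename rule.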