Wednesday, February 19, 2014

Blocking Outbound File Attachments In MailScanner

MailScanner is a popular anti-virus/anti-spam open source package that supports several operating systems, including Linux and FreeBSD. It can be helpful for minor compliance work.

For exmaple, Company X wants to block outbound Microsoft Word Docs (both .doc and .docx) but allow people from outside to send them in. To set this up, you'll need to create a couple of files and modify the main config, Mailsca

In order to block only, say, word docs in Mailscanner, you need to do a few things.


1. add a rule to split the filename processing. On CentOS, we'll call this /etc/MailScanner/rules/filenameconf.rules

The contents are:

From:   * /etc/MailScanner/filename.mydomain.rules.conf
From:       default /etc/MailScanner/filename.rules.conf

2. copy /etc/MailScanner/filename.rules.conf to /etc/MailScanner/filename.mydomain.rules.conf

3. edit /etc/MailScanner/filename.mydomain.rules.conf and set the rules you want. To block doc/docs:

deny   \.docx?$        Windows Word Doc                                                               Word  documents may contain sensitive information or viruses

(note, the fields are tab delimited, not space delimited!)

4. modify the main config file, /etc/MailScanner/MailScanner.conf and comment out this line:

Filename Rules = %etc-dir%/filename.rules.conf

and replace it with this:

Filename Rules = %rules-dir%/filenameconf.rules

5. restart mailscanner (sudo service MailScanner restart)

No comments: