Too many viruses/malware/Trojans pass through MailCleaner

MailCleaner Support
Added about 8 years ago

Hello,

PLEASE verify first: News about virus waves, because this issue is normally solved


Please verify:
Configuration -> Content Protection -> Global settings -> disable content controls in archives: Should not be checked. If this is checked, MailCleaner will NOT look for viruses inside archives.
Configuration -> Content Protection -> Global settings -> Content control maximum archive depth: Should be set to 4. All archives nested more deeply than this value are blocked. Archives nested more deeply than 4 levels are strange or useless.

Attachment name and Attachment type also work perfectly inside archives IF the options above are configured correctly.

So,
In Configuration -> Content Protection -> Attachment name, check that the following extensions are enabled (blocked, lines in black).
Attachment name rules are simple: each rule is a regexp matched against the name of the file. If it matches, the file is blocked.
.bat .cmd
.com .exe
.hta .mhtml
.pif .reg
.scr .vb[es]
.js (to add if not present by typing: \.js$ ) .jse?
.ws[cfh]
s{10,}
{[a-hA-H0-9-]{25,}}

And in Configuration -> Content Protection -> Attachment type, check that the following MIME types are enabled (blocked, lines in black too).
Attachment type is "a bit more" complicated: the MIME type is tested, and if the human-readable string contains one of the following expressions, it matches and the file is blocked. (For Linux users: the file command is used without options.)
ELF
executable
Registry
script
self-extract

RESTART the Filtering engine: Monitoring -> Status

We're done now.
So yes, you can adapt your configuration to your taste, BUT try to begin by blocking all of these things (and the others that are enabled by default after install), then uncheck some things knowing exactly what you're doing. And try to keep a record of why you did that too (good to have for diagnosis, or when you leave the IT department and another IT person is put in charge of MailCleaner).

After this, if you have to open a ticket concerning viruses/malware/Trojans, please state that you have read this KB article.

Best regards,
MailCleaner Team
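
The attachment name and attachment type checks described above, as an added example that is not part of the original article and is not MailCleaner's own code. It can be used to dry-run a rule list against sample attachments before changing the configuration. Writing each listed extension as an anchored "\.ext$" regexp, matching names case-insensitively, and the sample names and file(1)-style descriptions are all assumptions constructed for this sketch.

```python
import re

# Name rules written as anchored regexes, in the article's own "\.js$" form.
# Writing every listed extension as "\.ext$" is an assumption of this sketch.
NAME_RULES = [
    r"\.bat$", r"\.cmd$", r"\.com$", r"\.exe$", r"\.hta$", r"\.mhtml$",
    r"\.pif$", r"\.reg$", r"\.scr$", r"\.vb[es]$", r"\.js$", r"\.jse?$",
    r"\.ws[cfh]$",
]
# Type rules: expressions searched for in the description printed by file(1).
TYPE_RULES = ["ELF", "executable", "Registry", "script", "self-extract"]


def name_hit(filename):
    """Return the first name rule that matches the file name, else None."""
    for rule in NAME_RULES:
        # Case-insensitive matching is an assumption, not stated in the article.
        if re.search(rule, filename, re.IGNORECASE):
            return rule
    return None


def type_hit(description):
    """Return the first type expression contained in the description, else None."""
    for expr in TYPE_RULES:
        if expr in description:
            return expr
    return None


def verdict(filename, description):
    """An attachment is blocked when either rule set matches."""
    hit = name_hit(filename) or type_hit(description)
    return ("BLOCK", hit) if hit else ("PASS", None)


# Constructed samples: (attachment name, file(1)-style description).
SAMPLES = [
    ("invoice.pdf.exe", "PE32 executable (GUI) Intel 80386, for MS Windows"),
    ("report.pdf", "PE32 executable (GUI) Intel 80386, for MS Windows"),
    ("update.JS", "ASCII text"),
    ("data.json", "ASCII text"),
    ("notes.pdf", "PDF document, version 1.4"),
]

if __name__ == "__main__":
    for name, desc in SAMPLES:
        print(name, "|", desc, "->", verdict(name, desc))
```

The renamed executable (report.pdf) passes every name rule and is caught only by the type check, while data.json passes because the "$" anchor keeps \.js$ from matching inside a longer extension.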