[Esd-l] Can't get Procmail-security to work...

Brad procmail at capstone.net.au
Tue Oct 23 11:28:01 PDT 2001


I have a RedHat 7.0 mail server and I am trying to get Procmail-security to
work.

I have followed the instructions on the home page for v1.130, but it still
lets .exe email attachments through. I have created /etc/procmailrc and its
contents are:

### put this into /etc/procmailrc
DROPPRIVS=YES
LOGFILE=/var/log/procmail.log
PATH="/usr/bin:$PATH"
SHELL=/bin/sh
POISONED_EXECUTABLES=/etc/procmail/poisoned
SECURITY_NOTIFY="postmaster, brad at capstone.net.au"
SECURITY_NOTIFY_SENDER=YES
#SECURITY_NOTIFY_VERBOSE="virus-checker"
#SECURITY_QUARANTINE=/var/spool/mail/security
SECURITY_QUARANTINE=/dev/null
POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores
MANGLE_EXTENSIONS='exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|xl[wt]|p[po]t|rtf|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[aew]|ms[ip]|reg|asd|cil|pps|asx|wm[szd]'
# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail
# Reset some things to avoid leaking info to
# the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_QUARANTINE=

This procmailrc file is the same as our one at work so I know that it is OK.

I have created the directory /etc/procmail and placed the html-trap.procmail
ruleset there, and I have copied our work poisoned file into /etc/procmail.
Have I missed anything?

Is this package just a script that gets called, or do I have to enable it in
some way?

Regards
Brad


