[Esd-l] Still can't get Procmail-security to work - I am stumped

Brad procmail at capstone.net.au
Tue Dec 18 09:03:01 PST 2001


I have a Red Hat 7.0 mail server and I have been unable to get
Procmail-security to work. I am testing it by sending myself an email with
an .exe attachment, and the email is arriving with no problems. :-(
Have I missed something?

My /etc/sendmail.cf file:

Mlocal,         P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=procmail -Y -a $h -d $u


I have created an /etc/procmailrc:

DROPPRIVS=YES
LOGFILE=/var/log/procmail.log
PATH="/usr/bin:$PATH"
SHELL=/bin/sh
POISONED_EXECUTABLES=/etc/procmail/poisoned
SECURITY_NOTIFY="postmaster, brad at capstone.net.au"
SECURITY_NOTIFY_SENDER=YES
#SECURITY_NOTIFY_VERBOSE="virus-checker"
#SECURITY_QUARANTINE=/var/spool/mail/security
SECURITY_QUARANTINE=/dev/null
POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores
MANGLE_EXTENSIONS='exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|xl[wt]|p[po]t|rtf|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[aew]|ms[ip]|reg|asd|cil|pps|asx|wm[szd]'
# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail
# Reset some things to avoid leaking info to
# the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_QUARANTINE=


The /etc/procmail directory permissions:

4 drwxr-xr-x    3 root     root         4096 Oct 24 03:51 procmail


/etc/procmail contents:

 44 -rwxr-xr-x    1 root     root        41552 Oct 24 02:46 html-trap.procmail
  4 -rwxr-xr-x    1 root     root            181 Oct 24 03:51 poisoned


/etc/procmail/poisoned:

*.asd
*.chm
*.com
*.dll
*.eml
*.exe
*.hlp
*.hta
*.js
*.ocx
*.pif
*.scr
*.shb
*.shs
*.vb
*.vbe
*.vbs
*.wsf
*.wsh
*.[a-z][a-z][a-z0-9].[a-z0-9]+
list.doc
path.xls
story.doc
suppl.doc

The /var/log/procmail.log file contains nothing of any note, although it
does mention "Defanging active HTML content", relating to an incorrectly set
up cron job that runs at 19:05 every day and that sends an error report to
root.


Any help with this would be most appreciated.

Regards,
Brad


