1. First you need to find out why the attachment was blocked. The reason will be given either in the blocked attachment message or in the MailWatch report.
If you have the blocked attachment message (often sent to the original sender of the attachment), look for the text following "Report:". There may be more than one reported reason.
If you don't have the blocked attachment message, you will need to get the message ID of the message that had the attachment stripped. You may be able to find this in /var/log/exim_mainlog by grepping for the sender or recipient email address. You might also be able to find it through MailWatch using the Report feature. Enter the message ID in the message ID field at the top of MailWatch, and then look under "Anti-Virus/Dangerous Content Protection". In the Report section it should show the reason the file attachment was blocked.
Attempt to hide real filename extension (file.pdf.dat) Windows Screensavers are often used to hide viruses (account-report.scr) No programs allowed (account-report.scr) Executable DOS/Windows programs are dangerous in email (product1.exe) No programs allowed (product1.exe)
2. Login to SSH and search /usr/mailscanner/etc/filename.rules.conf and /usr/mailscanner/etc/filetype.rules.conf for the exact text shown in the dangerous content report. You can then edit the file to allow the type of attachment you want to allow through. Sometimes an attachment will be blocked by both the filename and filetype rules, in which case you would need to edit both files. You should also edit the corresponding archives configuration file in the same way, i.e. archives.filename.rules.conf or archives.filetype.rules.conf.
3. Restart MailScanner.
NOTE: Be careful when editing the filetype.rules.conf file as they are very general rules and you could end up allowing a lot of dangerous attachments through. You might want to change the filetype rules for only specific domains if possible, rather than all domains on the server. See this FAQ for information:
How can I allow certain file attachments in emails sent to or from some domains but still block them for all other domains?
If you only want to allow certain attachments for one or two domains but still block them for all other domains, then you need to do the following.
Copy /usr/mailscanner/etc/filename.rules.conf and /usr/mailscanner/etc/filetype.rules.conf (and archives.filename.rules.conf and archives.filetype.rules.conf if appropriate) to create new conf files, for example filename.special.rules.conf and filetype.special.rules.conf. Edit the new conf files to allow the files you wish to permit through.
Then edit /usr/mailscanner/etc/rules/filename.rules.rules and filetype.rules.rules and modify the line for the domain(s) you wish to use the new ruleset, like this:
FromOrTo: domain.com /usr/mailscanner/etc/filename.special.rules.conf
FromOrTo: domain.com /usr/mailscanner/etc/filetype.special.rules.conf
(Each of the above lines should be all on one line in the rules files.)
Information about determining why an attachment has been blocked and modifying the filename and filetype configuration files can be found here:
Restart MailScanner after you have made any changes to the rules files or filename/filetype configuration.