Tattwam

Q: Block Attachments (ZIP, RAR Etc.)

Hello All

 

I am sure there would be someone to help me out there.

 

I want to block all incoming emails in which there are attachments like *.zip or *.rar etc.

This will make the server more secure.

 

Thanks in advance.

 

OS X Server 5.1 with OS X 10.11.4

Mac mini, OS X El Capitan (10.11.1)

Posted on Mar 31, 2016 11:56 PM


  • by pterobyte, Solved answer

    pterobyte Apr 5, 2016 3:53 AM in response to Tattwam
    Level 6 (11,101 points)
    Servers Enterprise

    This would also prevent legit ZIP attachments from coming through and is not necessary. ClamAV is quite good at catching viruses inside ZIP files. Also, it will not make your server more secure. If anything, it might prevent a few users from opening an infected file.

     

    If you must, however, edit:

    /Library/Server/Mail/Config/amavisd/amavisd.conf

     

    Look for a section starting with:

    qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension
    

     

    and change to:

    qr'.\.(exe|vbs|pif|scr|cpl|zip|rar)$'i,             # banned extension
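
What the edit above changes in practice, shown as an added example (not part of pterobyte's post and not amavisd code): the two patterns are translated to Python and applied to the declared attachment names of a constructed message. It assumes the rule is evaluated against each attachment's declared file name; the sample names and the helpers `build_sample` and `banned_names` are made up for illustration.

```python
import re
from email.message import EmailMessage

# Python translations of the two amavisd.conf lines quoted in the answer
# (Perl qr'...'i becomes re.IGNORECASE; the pattern text is unchanged).
ORIGINAL = re.compile(r'.\.(exe|vbs|pif|scr|cpl)$', re.IGNORECASE)
EDITED = re.compile(r'.\.(exe|vbs|pif|scr|cpl|zip|rar)$', re.IGNORECASE)


def build_sample(names):
    """Constructed test message: one dummy attachment per file name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name in names:
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


def banned_names(msg, rule):
    """Return the declared attachment names that the rule matches."""
    return [part.get_filename() for part in msg.iter_attachments()
            if part.get_filename() and rule.search(part.get_filename())]


# Constructed names covering the edge cases of the pattern.
SAMPLE_NAMES = [
    "invoice.pdf.zip",   # double extension, ends in .zip
    "PHOTOS.ZIP",        # upper case, caught because of the i flag
    "backup.rar",
    "setup.exe",         # already banned by the stock rule
    "report.docx",       # ZIP container internally, but the name does not match
    "archive.zip.txt",   # .zip is not the final extension
    "unzip-howto.pdf",   # 'zip' appears only inside the name
    ".zip",              # no character before the dot, so the leading '.' fails
]

if __name__ == "__main__":
    sample = build_sample(SAMPLE_NAMES)
    before = banned_names(sample, ORIGINAL)
    after = banned_names(sample, EDITED)
    print("stock rule bans: ", before)
    print("edited rule bans:", after)
    print("newly blocked:   ", [n for n in after if n not in before])
```

The "newly blocked" list is every ZIP or RAR attachment regardless of content, which is the false-positive cost the answer warns about.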
    
  • by Tattwam,

    Tattwam Apr 1, 2016 9:20 AM in response to pterobyte
    Level 1 (5 points)
    Servers Enterprise

    Actually, my concern in blocking these types of files is to stop spamming, as most of the spam mails contain zipped files.

     

    Also, I am a little bit unhappy with OS X Server ClamAV. We are getting plenty of virus mails daily that contain zip files, and that affects the server.

    I have faced the spamming issue 5-6 times in the last year.

        

    If you can guide me to increase the server security or decrease spam, it would be more helpful.

    I have taken all necessary steps to secure the server, but unfortunately I am not happy with the ClamAV.

     

    Thanks in advance

  • by MadMacs0,

    MadMacs0 Apr 1, 2016 3:17 PM in response to Tattwam
    Level 5 (4,791 points)

    I suspect that supplementing the ClamAV definitions with some from Sanesecurity will help.

  • by pterobyte,

    pterobyte Apr 4, 2016 2:37 AM in response to Tattwam
    Level 6 (11,101 points)
    Servers Enterprise

    There are lots of things you can do which are more effective and will cause fewer false positives than simply blocking ZIP attachments.

     

    It mostly revolves around properly configuring Postfix, ClamAV, SpamAssassin and amavisd.

     

    What you need to do goes beyond what Server.app is capable of doing, so you will need to work in Terminal. If you don't want to do that, then your best bet is to make sure Greylisting is on. Might delay some mail, but will block lots of rogue mail.