Topic: checkhab blocking too much, even with no attachment?

[nate]

I use checkhab.  
I love it.
 
But...
 
It seems to block some messages that don't have any attachments?  
 
I have HTML blocking turned off, however, I do block .htm file attachments.  
 
I have noticed that these "false positives" are mostly due to messages sent from some kind of Microsoft client with a bunch of garbage HTML to make 'em look pretty.
 
I tell my users to tell their blocked senders to use "plain text" only mode, which of course works every time, ...but this gets old real fast!!!
 
Is there something I can do to fix this or should I dump checkhab for a ‘pattern matching’ system?

(Running server = sme 6.0.1 w/smeplus)


--Nate Hartman

[raem]

nate

I think it's a case of "you can't force people to do what you want/prefer", so I think you are better off allowing those html type messages through and using an email client that does not display html content.

> Is there something I can do to fix this or should I dump checkhab for a ‘pattern matching’ system?

Using pattern matching as well as clamav as well as RBL as well as spamassassin is a good idea. On my systems no email viruses have got through to users with that combination in place. Clamav seems to catch the very few html virii that do get through pattern matching executable content rejection.

See
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/Mail%20system%20tweaks%20HOWTO%20for%20sme%20server.htm

and Jesper knudsens site.

[CharlieBrady]

I use checkhab.

What's checkhab? Should we all know?

[psc]

What's checkhab? Should we all know?

Maybe ... it´s a not so good solution to block attachments and foreward the mails to a "junkmail" account.

Badly the shellscript (http://ngm.id.au/checkhab)
checks only for the pattern inside the email ... so all senders with .com domains are moved to junkmail due blocking of *.COM files.

Also see http://myezserver.com/phpBB2/viewtopic.php?t=461&highlight=checkhab

Peter

[nate]

Ray, thank you for your response.  I have been a sysadmin and IT manager for many years
and I know all about "user expectation management" and the even more ridiculous,
management expectation management.  
 
As we all know e-mail is the most important thing in the universe, so we must get it right!  
 
I do allow HTML formatted mail to pass through.  The script does not block it.  
However, I do block attachments with the .htm extension; ...this is different.  
Also, I do use ClamAV and Spamassassin, all good stuff...  
However, I really like the idea of an easy to deploy, hard and fast system for blocking
“bad” file attachments by stopping them at the gate, which is the promise of checkhab.

To Peter, I must point out that you are not correct in your statement:  
“all senders with .com domains are moved to junkmail due blocking of *.COM files.”  
That is simply not the case.  - If it were the script would be useless.
 
I have been using checkhab since 5.5 and now use it on 601.  Darrell May wrote a panel for it
(I don’t know what he did with it, the link I had returns a “Not Found”?), I still have the .rpm and howto.  
I can post it if anyone is interested.  

I still like checkhab and will continue to use it until I discover or someone points me to a better alternative.

-- Nate