> When looking for a missing rule, I discovered a second setting -
> g_rename_content - should I be setting that too?

Yes, you need g_rename_content too, as the email client may append the extension based on the MIME type even though the file name was renamed, so the file becomes dangerous anyway.

If it still fails, send me the raw message file to examine; it's possible there is something odd about it that is confusing the MIME parser.

ChrisP.
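
An added example (not from this thread or from the mail server's own code): a Python check over a raw message file that reports, for each attachment, whether its file name matches the rename patterns and whether its MIME type alone would still identify the file type, the case described in the reply above. The pattern list is adapted from the g_rename_files setting quoted in the thread; the type-to-extension map, the case-insensitive matching and the sample message are constructed assumptions.

```python
import email
from email import policy
from fnmatch import fnmatchcase

# Patterns adapted from the g_rename_files setting quoted in this thread.
RENAME_PATTERNS = ["*.zip", "*.gz", "*.7z", "*.cab", "*.jar", "*.rar", "*.tgz",
                   "*.doc", "*.xls", "*.ppt", "*.docx", "*.xlsx", "*.pptx"]
# Constructed, partial map: MIME type -> extension a mail client may apply.
DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
TYPE_TO_EXT = {DOCX: ".docx", "application/msword": ".doc", "application/zip": ".zip"}

def audit(raw_bytes):
    """List (filename, content_type, name_hit, type_hit) per attachment-like part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition filename=, then Content-Type name=
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        # Assumption of this example: names are compared case-insensitively.
        name_hit = any(fnmatchcase(name.lower(), p) for p in RENAME_PATTERNS)
        type_hit = ctype in TYPE_TO_EXT
        if name or type_hit:
            findings.append((name, ctype, name_hit, type_hit))
    return findings

# Constructed sample: one part whose name no longer matches but whose type is
# still docx, and one part with an upper-case extension and a generic type.
SAMPLE = b"\r\n".join([
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1",
    b"Content-Type: text/plain", b"",
    b"see attached",
    b"--b1",
    b"Content-Type: " + DOCX.encode(),
    b'Content-Disposition: attachment; filename="invoice_docx"', b"",
    b"placeholder",
    b"--b1",
    b"Content-Type: application/octet-stream",
    b'Content-Disposition: attachment; filename="notes.DOCX"', b"",
    b"placeholder",
    b"--b1--", b"",
])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A part with `name_hit` false and `type_hit` true is one that a name-only rule leaves recognisable by type.
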
Because some of my (Windows) users click on attachments before they realize that the mail is spam, we have been hit by ransomware (over a year ago). To prevent these click-first-think-later scenarios, I set the following:

g_block_files "*.exe"
g_block_files "*.pif"
g_block_files "*.msi"
g_block_files "*.msp"
g_block_files "*.com"
g_block_files "*.scr"
g_block_files "*.hta"
g_block_files "*.cpl"
g_block_files "*.msc"
g_block_files "*.jar"
g_block_files "*.bat"
g_block_files "*.cmd"

and

g_virus_rename "TRUE"

and

g_rename_files "*.zip,*.gz,*.7z,*.cab,*.jar.*.rar,*.tgz,*.doc,*.xls,*.ppt,*.docx,*.xlsx,*.pptx"

(I see the overlap for .jar)

However, we occasionally get mail with .docx attachments where the "." is not converted to a "_". When looking for a missing rule, I discovered a second setting - g_rename_content - should I be setting that too? Any idea why files escape renaming? I have NO whitelisted IPs/addresses that would skip the renaming.

Thanks
Neil