On Fri, Aug 31 2018, Kelvin Smith wrote: > If I put the file into a zip archive, everything works normally. > However, I'd prefer to be able to send the file directly. Any ideas on > what's going on?
By the error message, it's mod_security detecting the attachment as SQL (which indeed it is), and blocking it on the basis that it might cause an SQL injection. This happens before DL can process the attachment, so this is not a problem on DL by itself. You should be able to disable this specific case using "SecRuleRemoveById" (using the appropriate ID as reported in the server log) inside a <Directory> block or inside .htaccess (if allowed). Look up SecRuleRemoveById or SecRuleEngine for more info.