Filetype scanning rules?

Julian Field mailscanner at ecs.soton.ac.uk
Mon Jun 30 18:53:14 IST 2003


At 18:30 30/06/2003, you wrote:
>On Monday 30 June 2003 6:22 pm, Julian Field wrote:
>
> > Currently, the only rule in the new filetype.rules.conf file bans
> > executables. Has anyone got any good ideas for extra rules to allow or deny
> > other types of files?
>
>I think a fair number of people might be interested in banning filetypes such
>as mp3 mpg avi...

Good idea. Added.

> > Should I enable this filetype checking by default?
> >
> > Your thoughts, votes and comments please.
>
>My thoughts are, yes, enable it by default; block executables and allow
>genuine zips, then people can add their own additional preferences.
>
>I wonder if it's possible to come up with an intelligent way of combining the
>extension check with the filetype check, so a file gets blocked if the
>extension doesn't match the contents?

This is really hard to do as you need a complete map of all the possible
file extensions and the "file" command output that should be expected for
each one. A nightmare to build and maintain :-(

Current filetype.rules.conf is this:

#
# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny, then regular expression, then log text, then user
# report text.
#

allow   text            -                       -
allow   script          -                       -
allow   archive         -                       -
deny    ELF             No executables          No programs allowed
deny    executable      No executables          No programs allowed
deny    MPEG            No MPEG movies          No MPEG movies allowed
deny    AVI             No AVI movies           No AVI movies allowed
deny    MNG             No MNG/PNG movies       No MNG movies allowed
deny    QuickTime       No QuickTime movies     No QuickTime movies allowed

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list