Filetype scanning rules?
mailscanner at ecs.soton.ac.uk
Mon Jun 30 18:53:14 IST 2003
At 18:30 30/06/2003, you wrote:
>On Monday 30 June 2003 6:22 pm, Julian Field wrote:
> > Currently, the only rule in the new filetype.rules.conf file bans
> > executables. Has anyone got any good ideas for extra rules to allow or deny
> > other types of files?
>I think a fair number of people might be interested in banning filetypes such
>as mp3 mpg avi...
Good idea. Added.
> > Should I enable this filetype checking by default?
> > Your thoughts, votes and comments please.
>My thoughts are, yes, enable it by default; block executables and allow
>genuine zips, then people can add their own additional preferences.
>I wonder if it's possible to come up with an intelligent way of combining the
>extension check with the filetype check, so a file gets blocked if the
>extension doesn't match the contents?
This is really hard to do as you need a complete map of all the possible
file extensions and the "file" command output that should be expected for
each one. A nightmare to build and maintain :-(
Current filetype.rules.conf is this:
# NOTE: Fields are separated by TAB characters --- Important!
# Syntax is allow/deny, then regular expression, then log text, then user
# report text.
allow text - -
allow script - -
allow archive - -
deny ELF No executables No programs allowed
deny executable No executables No programs allowed
deny MPEG No MPEG movies No MPEG movies allowed
deny AVI No AVI movies No AVI movies allowed
deny MNG No MNG/PNG movies No MNG movies allowed
deny QuickTime No QuickTime movies No QuickTime movies allowed
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
More information about the MailScanner