Russian text and /etc/magic
Dustin Baer
dustin.baer at IHS.COM
Thu Oct 14 16:29:12 IST 2004
<x-flowed>
Julian,
You once mentioned modifying /etc/magic in order to get around certain
output from `file` when doing filetype checking.
In the past, I've had a problem with Russian text being reported as an
executable. The output from `file` on the quarantined attachments
(msg-xxx.txt) is:
# file msg-22359-130.txt
msg-22359-130.txt: DOS executable (COM)
I've changed /etc/magic:
< 0 byte 0xe9 DOS executable (COM)
---
> 0 byte 0xe9 DOS executable (COM) RUSSIAN
TEXT MAILSCANNER
And then added an "allow" rule in filetype.rules.conf. This all works
as I would like.
My question is how safe is this? I have gone through every file I have
in quarantine and only see the "DOS executable (COM)" output for those
with Russian text. Other executables report as "... (EXE)"
If anyone is bored, would you mind running `file` on all of your files
in quarantine and let me know if any of them show "DOS executable (COM)"
as the output? Here are the commands I used (for Sendmail users):
$ cd /var/spool/MailScanner/quarantine
$ find 2004*/i* -ls | grep -v [dq]f | grep [a-zA-Z]$ | awk '{print $11}'
| while read i ; do file $i; done | grep COM
Thanks,
Dustin
--
Dustin Baer
Transport Extranet Network Services
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>
More information about the MailScanner
mailing list