filetype rule false positive

Jared redjar at REDJAR.ORG
Tue Feb 22 16:21:53 GMT 2005


We recently had a false positive that matched against either the "ELF"
or "executable" rule in filetype.rules.conf file.  (The Mailscanner
message was: "No programs allowed")

The email had no attachment, the entire body of the email was removed.
The body of the email began with the characters: LZ

I tried sending myself an email with the same text and it was again
stopped.  I then tried it, but removed the LZ characters at the
beginning of the body and it came through without any issues.  I'm not
sure how the filetype rules are matched, so I don't even know if this
makes sense or if there is a way to prevent it.

I'm currently running MailScanner-4.38.10.

Thanks,
-jared

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list