blocking SDG files?

Steen, Glenn Glenn.Steen at AP1.SE
Tue Mar 29 16:28:16 IST 2005


It's "guessing" that it's some form of "unix executable" more or less...
file isn't the most ... precise ... tool in history.
Using file one can well expect a few FPs from it, after all, the decision
mechanism isn't rocket science any way you look at it:-).
Have a look at your /etc/magic .. Usually well-commented.
 
If you use filetype checks, then you'd perhaps best use a quarantine too,
if you don't already.
 
-- Glenn
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
On Behalf Of Fractal IT Dept.
Sent: den 29 mars 2005 17:17
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: blocking SDG files?

Scott Silva wrote:
      You might try to run it through the "file" command.

Hi Scott,

I've run the file through the "file" command and I get 'unknown
readable demand paged pure executable'. I'm not sure what that
means though.

I have also had a look at the file in a hex editor, and it
certainly doesn't look like a standard dos/windows executable file.
It's missing the usual "MZ" at the beginning of the file, for one.
To me, this file looks like a binary data file.

Chris
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
