broken /usr/bin/file behaviour

Joshua Hirsh joshua.hirsh at PARTNERSOLUTIONS.CA
Wed Nov 23 19:12:05 GMT 2005


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> and then run /usr/bin/file against it. It is reported as:
> Apple QuickTime movie file (free)
> 
> Does this count as a bug - it has certainly bugged one of my users who
> has had his email blocked as a result.


 I've personally disabled a few of the quicktime checks as they catch on regular messages quite often. You might want to comment out these five lines in your magic file (/usr/share/magic or /usr/share/file/magic on RHEL3/4 systems respectively):

4	string	free		Apple QuickTime movie file (free)
4	string	junk		Apple QuickTime movie file (junk)
4	string	skip		Apple QuickTime movie file (skip)
4	string	wide		Apple QuickTime movie file (wide)
4	string	pict		Apple QuickTime movie file (pict)

 The problem is that these patterns (column #3) are matched starting at the 4th character within the file. During my testing (ie: randomly downloading quicktime movies to check which type they were), a majority of them were matched under the first four patterns listed in the magic file (moov, mdat, ftyp, pnot), and not the ones listed above that I disabled. There was also one other that matched AVI's quite frequently, but I can't find it anymore.


 As an example of messages that match against these patterns, emails that start with the following as the first line will get triggered:

The pictures
The junk
Its wide
I'm free

..etc...etc..


 As always, YMMV.



Cheers,

-Joshua

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list