4.51.6-1, linux file command mis-diagnosing bodies of messages

Julian Field MailScanner at ecs.soton.ac.uk
Mon Apr 3 21:28:21 IST 2006 

Paul Haldane wrote:
> We had a odd issue today - one of my colleagues sent a plain text message which was flagged as having a disallowed file type ...
>
> The original e-mail attachment "the entire message"
> is on the list of unacceptable attachments for this site and has been
> replaced by this warning message.
>
> After a fair amount of log trawling (which didn't help much) and experimentation we eventually worked out that it was provoked by the 5th to 8th characters of the body of the message being 'free'.  This gets picked up by the Linux file command as Apple QuickTime movie file because of the following entry in /usr/share/file/magic (this is RH AS4) ...
>
> 4       string          free            Apple QuickTime movie file (free)
>   
You aren't the first person to suffer this problem. Please file a 
feature request to the maintainer of the magic file that lists all these 
checks. I hope it is possible to determine the QuickTime movie files 
using some other route.

This is the main troublemaker in the "file" command at the moment.
> It would have helped if somewhere (either in the logs or in the message sent to the sender) we could show what type of file we thought it was rather than just saying that it's something that's not on our allowed list (if this should be happening already we'll check our configs).
>
> I'm not sure what we plan to do to fix this here.  Obvious kludges that occur to me are taking the entry out of the magic file (and recompiling the version magic uses), doing the same thing but having a separate version of the magic file for use by MailScanner or being less restrictive in the set of file types we let through.
>   
To be honest, I would just allow them. Run a sensible max message size 
(I use 100Mbytes) and let them get on with it. They won't manage to send 
a whole TV programme very easily with a 100Mbyte max message size 
(implemented in sendmail and not MailScanner).
> Paul
>   

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list