Filetype false positive?
Matthew L. Dailey
mdailey at marlboro.edu
Fri Feb 17 13:13:14 GMT 2006
We've run into what I think may be a false positive in the filetype
match, although it is _very_ obscure. If we send a message which
begins with the letters 'LZ', the message is detected as an
executable. We have had this problem for a while, but I just built a
completely new installation of our mail gateway with MS 4.50.15
hoping it would be gone, but it's not. In order to replicate this,
the message must begin with these two letters, and they must be in
caps. Here are the rules for executables that I'm using in
filetype.rules.conf:
deny executable No executables No programs allowed
deny ELF No executables No programs allowed
I know this is pretty weird and obscure, but one of the higher-ups in
our administration has the initials LZ and the President likes to
start e-mails to this individual with 'LZ-', which triggers this
every time.
Anyone have any ideas on this one? I took a quick look at the MS
code, but nothing jumped out at me - perhaps it's in one of the
parser or decoder modules that MS uses?
- Matthew L. Dailey
Director of Networks and Support Services
Marlboro College
mdailey _at_ marlboro _dot_ edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2423 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060217/06f926be/smime.bin
More information about the MailScanner
mailing list