Filetype false positive?

Jameel Akari jakari at blueavian.com
Fri Feb 17 13:36:38 GMT 2006


On 2/17/06 8:13 AM, "Matthew L. Dailey" <mdailey at marlboro.edu> wrote:

> We've run into what I think may be a false positive in the filetype
> match, although it is _very_ obscure. If we send a message which
> begins with the letters 'LZ', the message is detected as an
> executable. We have had this problem for a while, but I just built a

The system "file" command is picking this up.  Quick test:

$ echo "LZ- " > foo.txt
$ file foo.txt
foo.txt: MS-DOS executable (built-in)

A workaround might be to edit your local /usr/share/magic so that it doesn't
catch the "LZ" string.  Of course, this means that any executables of that
format will not get detected by this means, so there's a risk.

-- 
Jameel Akari




More information about the MailScanner mailing list