Filetype false positive?
jakari at blueavian.com
Fri Feb 17 13:36:38 GMT 2006
On 2/17/06 8:13 AM, "Matthew L. Dailey" <mdailey at marlboro.edu> wrote:
> We've run into what I think may be a false positive in the filetype
> match, although it is _very_ obscure. If we send a message which
> begins with the letters 'LZ', the message is detected as an
> executable. We have had this problem for a while, but I just built a
The system "file" command is picking this up. Quick test:
$ echo "LZ- " > foo.txt
$ file foo.txt
foo.txt: MS-DOS executable (built-in)
A workaround might be to edit your local /usr/share/magic so that it doesn't
catch the "LZ" string. Of course, this means that any executables of that
format will not get detected by this means, so there's a risk.
More information about the MailScanner