No programs allowed (ETP.DAT)

[Glenn Steen]

On 14/12/2007, Ugo Bellavance <ugob at lubik.ca> wrote:
> Dave Jones wrote:
> > MailScanner is blocking the BlackBerry Enterprise Activation file.  It
> > shows in MailWatch as a "video/unknown" file type so I added this to the
> > filetype.rules.conf and the file name to the filename.rules.conf but it
> > is still getting blocked as if it is an executable of some kind.
> >
> > The following e-mails were found to have: Bad Filename Detected
> >
> >     Sender: network at etp1101.etp.na.blackberry.net
> > <mailto:network at etp1101.etp.na.blackberry.net>
> > IP Address: 172.16.11.11 <http://172.16.11.11>
> >  Recipient: someuser at domain.com <mailto:someuser at domain.com>
> >    Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2
> >  MessageID: lBDM3p5x002753
> > Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753
> >     Report: MailScanner: No programs allowed (ETP.DAT)
>                            ^^^^^^^^^^^^^^^^^^^
> It is seen as a program, not a video.
>
> Regards,
>
> Ugo
Yes, this is the problem with ETP.DAT... It is a binary file,
encrypted, but not ascii armored... There should be an ascii-armored
attachment (or is it in the message body? I fail to recall...) as
well, but sometimes BES seems to be unable to grok that.
The only solution is to avoid filetype checking on these altogether. A
simple ruleset and a generic "allow everything" file will do the
trick.
Best would be if the BB people had only one or two fixed IPs that send
these, but... alas, that is not the case. So you'll have to WL on
address, likely.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se