mailscanner occasionally denying certain blackberry emails
Daniel Maher
daniel.maher at ubisoft.com
Mon Jul 23 16:10:08 IST 2007
> > I have a situation where MailScanner will occasionally block attachments in
> > emails generated by the Blackberry service. Normally the attachments are
> > not blocked, but every once in a while, it gets replaced with the "Warning:
> > This message has had one or more attachments removed..." message. The name of
> > the attachment, in every instance, is "ETP.DAT", which shouldn't trigger
> > filename rules (and, indeed, normally doesn't).
> >
> Look closely at what it really says and you'll find that the binary
> file ETP.DAT (that is also attached as an ascii armored thing ...
> stupid, is what it all is...) will sometimes "aggravate" your file
> command, specifically MS-DOS Executable "magic" patterns of one (1)
> byte. Simply remove these from your magic file (edit the text variant,
> use the file command to "recompile" it), and you'll be fine.
>
> Cheers
Thanks for the reply. Unfortunately, I'm not entirely sure I should be removing the magic data you're referring to. To wit:
[user at mailserver file]# grep MS-DOS magic
# the first file (0x01 through 0x09), and bytes 3 to 15 are the MS-DOS
>7 byte 0 os: MS-DOS
>35 byte 0 os: MS-DOS
>16 byte =0x00 \b, from MS-DOS
# Date in MS-DOS format (whatever that is)
>9 byte =0x00 \b, from MS-DOS
>>14 byte =0x00 os: MS-DOS
>>17 byte =0x00 os: MS-DOS
>0x8C string Invalid\ partition\ table \b, MS-DOS MBR
>0x10F string Ung\201ltige\ Partitionstabelle \b, MS-DOS MBR, german version 4.10.1998, 4.10.2222
>0x8B string Ung\201ltige\ Partitionstabelle \b, MS-DOS MBR, german version 5.00 to 4.00.950
# Valid media descriptor bytes for MS-DOS:
#>69 string dosa (Macintosh MS-DOS file system)
# msdos: file(1) magic for MS-DOS files
0 string/c @echo\ off MS-DOS batch file text
# So, for now, we assume the standard MS-DOS stub, which puts the
0 string MZ MS-DOS executable (EXE)
#0 byte 0xe9 MS-DOS executable (COM)
#0 byte 0x8c MS-DOS executable (COM)
#0 byte 0xeb MS-DOS executable (COM)
#0 byte 0xb8 MS-DOS executable (COM)
0 string LZ MS-DOS executable (built-in)
#0 byte 0xf0 MS-DOS program library data
If I comment out the (three) active 1-byte MS-DOS lines, won't file lose its ability to detect MS-DOS executables altogether? This is not a desired behaviour. :/
Would it not be possible to write some sort of MailScanner rule that would exempt files named "ETP.DAT", and coming from the Blackberry service, from being analysed with file?
Thanks again for your input.
--
_
°v° Daniel Maher
/(_)\ Administrateur Système Unix
^ ^ Unix System Administrator
"The most incomprehensible thing about the world is that it is comprehensible." -- Albert Einstein
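
Added example, not part of the original message and not code from file(1) or MailScanner: a simplified Python model of the offset-0 MS-DOS tests in the grep output above, showing why a one-byte test at offset 0 flags an opaque binary attachment only some of the time while the two-byte string tests almost never do. It assumes the attachment's leading bytes are effectively arbitrary; the function names are hypothetical.

```python
"""Simplified model of file(1) offset-0 tests (constructed for illustration)."""

# Two-byte string tests that are active in the grep output above.
STRING_TESTS = {
    b"MZ": "MS-DOS executable (EXE)",
    b"LZ": "MS-DOS executable (built-in)",
}

# One-byte tests as they appear (commented out) in the same grep output.
ONE_BYTE_TESTS = {
    0xE9: "MS-DOS executable (COM)",
    0x8C: "MS-DOS executable (COM)",
    0xEB: "MS-DOS executable (COM)",
    0xB8: "MS-DOS executable (COM)",
}


def classify(data: bytes, one_byte_tests: bool = True) -> str:
    """Return the description of the first matching test, or 'data'."""
    for magic, description in STRING_TESTS.items():
        if data.startswith(magic):
            return description
    if one_byte_tests and data and data[0] in ONE_BYTE_TESTS:
        return ONE_BYTE_TESTS[data[0]]
    return "data"


def flagged_prefixes(one_byte_tests: bool) -> int:
    """Count how many of the 65536 two-byte prefixes look executable."""
    return sum(
        classify(prefix.to_bytes(2, "big"), one_byte_tests) != "data"
        for prefix in range(0x10000)
    )


if __name__ == "__main__":
    # Constructed sample payloads, not real ETP.DAT contents.
    samples = [b"\xe9\x10\x00\x42", b"\x07\xe9\x10\x00", b"MZ\x90\x00"]
    for payload in samples:
        print(payload.hex(), "->", classify(payload),
              "| string tests only:", classify(payload, one_byte_tests=False))
    for enabled in (True, False):
        hits = flagged_prefixes(enabled)
        print(f"one-byte tests {'on' if enabled else 'off'}: "
              f"{hits}/65536 prefixes flagged ({hits / 65536:.3%})")
```

With the one-byte tests on, 1026 of the 65536 possible two-byte prefixes are flagged (about 1.6%); with only the string tests, 2 are.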