File Type Check Problem

Julian Field MailScanner at ecs.soton.ac.uk
Fri Apr 4 15:39:09 IST 2008



Mike Kercher wrote:
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
>> Julian Field
>> Sent: Thursday, April 03, 2008 3:21 PM
>> To: MailScanner discussion
>> Subject: Re: File Type Check Problem
>>
>>
>> Mike Kercher wrote:
>>> I've been searching and haven't found a resolution for this yet.
>>>
>>> Periodically, we get emails with attachments coming through that are 
>>> not being detected properly.  MailScanner reports:
>>>
>>> MailScanner: No programs allowed (msg-10410-101.txt)
>>
>> This is being caught by the filetype trap.
>>
>>> If I go look at the quarantined email in MailWatch and download the 
>>> attachment, it is a PDF.
>>
>> That may be what the filename says, but what does the "file" command 
>> report?
>>
>>>   There was talk of the file -i command switch.
>>> Is this something that needs to be set in MailScanner.conf?
>>
>> No, just read the latest filetype.rules.conf and filename.rules.conf 
>> files, the comments at the top of each file tell you how to use it.
>> There is also an example line in filetype.rules.conf for you to copy.
>>
>>> TIA
>>>
>>> Mike
>>
>> Jules
>>
>> --
>>
>> Jules,
>>
>> Running file against the message yields the following:
>>
>> [root at HOUPMS02 m334jSTE009852]# file message
>> message: smtp mail text
>> [root at HOUPMS02 m334jSTE009852]# file -i message
>> message: message/rfc822\011
>>
>> Not quite sure what changing the filetype.rules.conf would do for me 
>> here.
>
> No! I meant you to run the "file" command on the attachment, not the
> message! :-( Funnily enough, when you run it on the message it says it's
> a message :-)
>
> Jules
>
> --------
>
> Sorry about that :)  Here's the output of file run against the
> attachment itself:
>
> [root at HOUPMS01 ~]# file OSC81.pdf 
> OSC81.pdf: PDF document, version 1.3
>
> [root at HOUPMS01 ~]# file -i OSC81.pdf 
> OSC81.pdf: application/pdf
>
Have just checked your original report, and it wasn't the attachment it 
blocked, it was the main message body (hence the "txt" extension with 
the unusual filename). Harder to stop that unless you switch from using 
the "executable" trap in filetype.rules.conf to a replacement trap using 
the MIME type reported by file -i instead (see comments at the start of 
filetype.rules.conf).
> Mike

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

