FW: [Mailwatch-users] file name rules help

Glenn Steen glenn.steen at gmail.com
Mon Jan 14 17:16:49 GMT 2008


On 14/01/2008, Simon Jones <simon at saq.co.uk> wrote:
>
>
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> > bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
> > Sent: 14 January 2008 13:04
> > To: MailScanner discussion
> > Subject: Re: FW: [Mailwatch-users] file name rules help
> >
> > On 14/01/2008, Simon Jones <simon at saq.co.uk> wrote:
> > > > -----Original Message-----
> > > > From: mailwatch-users-bounces at lists.sourceforge.net
> > [mailto:mailwatch-
> > > > users-bounces at lists.sourceforge.net] On Behalf Of Scott Silva
> > > > Sent: 11 January 2008 17:07
> > > > To: mailwatch-users at lists.sourceforge.net
> > > > Subject: Re: [Mailwatch-users] file name rules help
> > > >
> > > > on 1/11/2008 4:28 AM Simon Jones spake the following:
> > > > > > Hi - I need to allow .prx files through mailscanner - so I put
> > the
> > > > > following in /etc/MailScanner/filename.rules.conf under the "#
> > These
> > > > are
> > > > > known to be mostly harmless." section but it still quarantines
> > them.
> > > > >
> > > > > allow   \.prx$                  -       -
> > > > >
> > > > > thanks!
> > > > >
> > > > > Si
> > > > >
> > > > Did you reload Mailscanner?
> > > > How are they marked when they are quarantined? Could they also be
> > > > getting
> > > > caught in filetype rules?
> > > >
> > > >
> > > > --
> > > >Hi Scott,
> > > >
> > > >Yep I did restart mailscanner - report in MailWatch:
> > > >
> > > >Anti-Virus/Dangerous Content Protection
> > > >Virus:  N
> > > >Blocked File:  Y
> > > >Other Infection:  N
> > > >Report: No programs allowed (C17M.PRX)
> > > >
> > > >Cheers,
> > > >
> > >
> > > Hi, anyone help me get prx files through mailscanner please?
> > originally
> > > posted to mailwatch list by mistake.
> > >
> > Simon,
> >
> > Scott already asked for the relevant bit of information, namely what
> > the file command (which MS uses to determine the "type") thinks about
> > your .prx file. My guess is that it'll trigger on one of the more
> > optimistic file magics (like one byte magics for MS-DOS .COM
> > executables).
> > Show that information, please.
> > To rectify, one could perhaps try to use the new file -i stuff Jules has
> > implemented (in beta, I think), or simply edit the magic file and
> > compile it (file -C)...
> >
> > Cheers
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se
>
> Err... what's a "magic file" (ooh dear - sorry :@)
>
Hehe... What an amazing amount of misinformation I could give you now,
if I was a really evil bunny.... :-)
I suggest you read "man file" or "info file" or google it...:-).
Short synopsis: a "file magic number" is simply a collection of more
or less simple patterns to determine a file type. The magic is usually
rather numeric in form, but can also include strings etc. A
"magic-file" is a file containing a collection of "file magics" that the
file command uses. Since this collection is rather hefty, the command
doesn't use the human-readable text file (usually found someplace like
/usr/share/misc/magic ... check your file-commands man-page...)...
Rather it "compiles" this into a binary format (magic.mgc). This
compilation can easily be done by way of "file -C" ... So once you
know what magic gets triggered by file on the .prx file, you can edit
your copy of the magic file and "recompile" it...
Clearer?

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
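
An added illustration, not part of Glenn's message and not code from file(1) or MailScanner: a simplified Python model of top-level magic rules, showing why a one-byte magic misfires on a data file and how one more specific entry in the magic file changes the result. The rule lines, the "PRX1" header, the sample bytes and the "executable" deny check are constructed assumptions; the real file command ranks and evaluates rules with more machinery than this.

```python
import re

# Constructed magic entries in the "offset type test message" layout.
STOCK_MAGIC = """
# optimistic one-byte magic: any file starting with 0xE9 matches
0 byte 0xe9 DOS executable (COM)
"""
# Hypothetical extra entry for a data format carrying "PRX1" at offset 1.
PATCHED_MAGIC = STOCK_MAGIC + "1 string PRX1 PRX data file (constructed)\n"

# Constructed sample: not the real .prx layout, just a 0xE9 first byte.
SAMPLE_PRX = b"\xe9PRX1" + bytes(16)


def parse_magic(text):
    """Parse top-level rules; only the byte and string types are modelled."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        offset, kind, test, message = line.split(None, 3)
        if kind == "byte":
            pattern = bytes([int(test, 0)])
        elif kind == "string":
            pattern = test.encode("latin-1")
        else:
            raise ValueError(f"unsupported type: {kind}")
        rules.append((int(offset, 0), pattern, message))
    # Longer tests first: a stand-in for preferring more specific magics.
    rules.sort(key=lambda rule: len(rule[1]), reverse=True)
    return rules


def identify(data, rules):
    """Return the message of the first matching rule, else 'data'."""
    for offset, pattern, message in rules:
        if data[offset:offset + len(pattern)] == pattern:
            return message
    return "data"


def is_blocked(description):
    """Assumed filetype deny rule: block anything described as executable."""
    return re.search(r"executable", description) is not None


if __name__ == "__main__":
    for name, magic in (("stock", STOCK_MAGIC), ("patched", PATCHED_MAGIC)):
        desc = identify(SAMPLE_PRX, parse_magic(magic))
        print(f"{name:8} {desc!r} blocked={is_blocked(desc)}")
```

A file that starts with 0xE9 but lacks the constructed header still falls through to the one-byte rule, so the added entry narrows the exception to the one format instead of disabling the executable check.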

