txt file getting blocked as Quick Time file

Greg Matthews gmatt at nerc.ac.uk
Thu Oct 23 14:34:23 IST 2008 

Kate Kleinschafer wrote:
> I am getting a few messages blocked saying they have a Quick Time file 
> attached (which shows as msg-18161-4.txt)

the quicktime signatures are extremely broad. I get around this by 
commenting out the overly generous signatures and re-compiling the magic 
data. See the man page for "file(1)" in particular the "-C" option. See 
also the man page for magic(5) although this is not necessary it will 
give you a better idea of how file works.

copy aside the orginal magic file (on redhat/centos this is 
/usr/share/file/magic) and edit it. Personally, I comment out the 
following lines:

#4      string          free            Apple QuickTime movie file (free)
#4      string          junk            Apple QuickTime movie file (junk)
#4      string          skip            Apple QuickTime movie file (skip)
#4      string          wide            Apple QuickTime movie file (wide)
#4      string          pict            Apple QuickTime movie file (pict)

which hit any message body beginning with those letters. If you examine 
the bodies of the messages that are getting blocked, I expect you'll 
find that they begin with one of those 4-letter combinations. Now 
recompile the .mgc file using file -C.

Finally exclude "file" from software updates (edit /etc/yum.conf or 
tweak your up2date config).

Also consider using the mime filetype checking - not sure where this is 
documented off-hand but it was discussed at length on this list.

GREG

> I know the message is ham.
> After doing some searching on the internet I came  across a thread that 
> said the following about the problem:
> 
> /This bug is not so much a problem with filenames.  I'm just pointing out
> />/ that the filenames.conf entries don't override filetype.conf   So the
> />/ tnef created "msg*.txt" files that can be misinterpretted by 
> filetype as
> />/ Quicktime files can't be overridden.  The only options are to allow
> />/ quicktime filetypes or disable the "Use TNEF Contents" option.
> 
> /Is the best option to allow QuickTime in filetype.rules.conf or is 
> there another more suitable option.
> 
> Thanks
> Kate


-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

More information about the MailScanner mailing list