txt file getting blocked as Quick Time file
gmatt at nerc.ac.uk
Thu Oct 23 14:34:23 IST 2008
Kate Kleinschafer wrote:
> I am getting a few messages blocked saying they have a Quick Time file
> attached (which shows as msg-18161-4.txt)
the quicktime signatures are extremely broad. I get around this by
commenting out the overly generous signatures and re-compiling the magic
data. See the man page for "file(1)" in particular the "-C" option. See
also the man page for magic(5) although this is not necessary it will
give you a better idea of how file works.
copy aside the orginal magic file (on redhat/centos this is
/usr/share/file/magic) and edit it. Personally, I comment out the
#4 string free Apple QuickTime movie file (free)
#4 string junk Apple QuickTime movie file (junk)
#4 string skip Apple QuickTime movie file (skip)
#4 string wide Apple QuickTime movie file (wide)
#4 string pict Apple QuickTime movie file (pict)
which hit any message body beginning with those letters. If you examine
the bodies of the messages that are getting blocked, I expect you'll
find that they begin with one of those 4-letter combinations. Now
recompile the .mgc file using file -C.
Finally exclude "file" from software updates (edit /etc/yum.conf or
tweak your up2date config).
Also consider using the mime filetype checking - not sure where this is
documented off-hand but it was discussed at length on this list.
> I know the message is ham.
> After doing some searching on the internet I came across a thread that
> said the following about the problem:
> /This bug is not so much a problem with filenames. I'm just pointing out
> />/ that the filenames.conf entries don't override filetype.conf So the
> />/ tnef created "msg*.txt" files that can be misinterpretted by
> filetype as
> />/ Quicktime files can't be overridden. The only options are to allow
> />/ quicktime filetypes or disable the "Use TNEF Contents" option.
> /Is the best option to allow QuickTime in filetype.rules.conf or is
> there another more suitable option.
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.
More information about the MailScanner