txt file getting blocked as Quick Time file
kate at rheel.co.nz
Thu Oct 30 22:30:41 GMT 2008
Greg Matthews wrote:
> Kate Kleinschafer wrote:
>> I am getting a few messages blocked saying they have a Quick Time
>> file attached (which shows as msg-18161-4.txt)
> the quicktime signatures are extremely broad. I get around this by
> commenting out the overly generous signatures and re-compiling the
> magic data. See the man page for "file(1)" in particular the "-C"
> option. See also the man page for magic(5) although this is not
> necessary it will give you a better idea of how file works.
> copy aside the orginal magic file (on redhat/centos this is
> /usr/share/file/magic) and edit it. Personally, I comment out the
> following lines:
> #4 string free Apple QuickTime movie file (free)
> #4 string junk Apple QuickTime movie file (junk)
> #4 string skip Apple QuickTime movie file (skip)
> #4 string wide Apple QuickTime movie file (wide)
> #4 string pict Apple QuickTime movie file (pict)
> which hit any message body beginning with those letters. If you
> examine the bodies of the messages that are getting blocked, I expect
> you'll find that they begin with one of those 4-letter combinations.
> Now recompile the .mgc file using file -C.
> Finally exclude "file" from software updates (edit /etc/yum.conf or
> tweak your up2date config).
> Also consider using the mime filetype checking - not sure where this
> is documented off-hand but it was discussed at length on this list.
>> I know the message is ham.
>> After doing some searching on the internet I came across a thread
>> that said the following about the problem:
>> /This bug is not so much a problem with filenames. I'm just pointing
>> />/ that the filenames.conf entries don't override filetype.conf So
>> />/ tnef created "msg*.txt" files that can be misinterpretted by
>> filetype as
>> />/ Quicktime files can't be overridden. The only options are to allow
>> />/ quicktime filetypes or disable the "Use TNEF Contents" option.
>> /Is the best option to allow QuickTime in filetype.rules.conf or is
>> there another more suitable option.
Thank you for the very helpful information Greg - I had no idea that was
how it checked and blocked the files.
I will look into implementing this shortly.
More information about the MailScanner