txt file getting blocked as Quick Time file

Kate Kleinschafer kate at rheel.co.nz
Thu Oct 30 22:30:41 GMT 2008 

Greg Matthews wrote:
> Kate Kleinschafer wrote:
>> I am getting a few messages blocked saying they have a Quick Time 
>> file attached (which shows as msg-18161-4.txt)
>
> the quicktime signatures are extremely broad. I get around this by 
> commenting out the overly generous signatures and re-compiling the 
> magic data. See the man page for "file(1)" in particular the "-C" 
> option. See also the man page for magic(5) although this is not 
> necessary it will give you a better idea of how file works.
>
> copy aside the orginal magic file (on redhat/centos this is 
> /usr/share/file/magic) and edit it. Personally, I comment out the 
> following lines:
>
> #4      string          free            Apple QuickTime movie file (free)
> #4      string          junk            Apple QuickTime movie file (junk)
> #4      string          skip            Apple QuickTime movie file (skip)
> #4      string          wide            Apple QuickTime movie file (wide)
> #4      string          pict            Apple QuickTime movie file (pict)
>
> which hit any message body beginning with those letters. If you 
> examine the bodies of the messages that are getting blocked, I expect 
> you'll find that they begin with one of those 4-letter combinations. 
> Now recompile the .mgc file using file -C.
>
> Finally exclude "file" from software updates (edit /etc/yum.conf or 
> tweak your up2date config).
>
> Also consider using the mime filetype checking - not sure where this 
> is documented off-hand but it was discussed at length on this list.
>
> GREG
>
>> I know the message is ham.
>> After doing some searching on the internet I came  across a thread 
>> that said the following about the problem:
>>
>> /This bug is not so much a problem with filenames.  I'm just pointing 
>> out
>> />/ that the filenames.conf entries don't override filetype.conf   So 
>> the
>> />/ tnef created "msg*.txt" files that can be misinterpretted by 
>> filetype as
>> />/ Quicktime files can't be overridden.  The only options are to allow
>> />/ quicktime filetypes or disable the "Use TNEF Contents" option.
>>
>> /Is the best option to allow QuickTime in filetype.rules.conf or is 
>> there another more suitable option.
>>
>> Thanks
>> Kate
>
Thank you for the very helpful information Greg - I had no idea that was 
how it checked and blocked the files.
I will look into implementing this shortly.

Thanks again.

Kate

More information about the MailScanner mailing list