TXT files seen as MPEG movies

Julian Field MailScanner at ecs.soton.ac.uk
Fri Jan 23 21:32:43 GMT 2009



On 23/1/09 16:01, Kai Schaetzl wrote:
> Johan Hendriks wrote on Fri, 23 Jan 2009 15:36:37 +0100:
>
>    
>> The senders is on the whitelist
>>      
>
> which is only for spam. If you want to exclude senders from all scanning
> you have to use something like:
> Scan Messages = %rules-dir%/scan.messages.rules
>
>    
>> What can  I  do to make sure these files get passed.
>>      
>
> This check is a *filetype* check, so you have to whitelist there!
> (This is obviously a misinterpretation of some characters in the beginning
> of the text file, so the file binary thinks it's mpeg.)
>    
This is a problem with the "file" command.
Try reading the docs in the top of the latest versions of the file about 
putting in the optional 5th field which uses the MIME type reported by 
the "file -i" command instead. This actually uses a different database 
and will often report that a file is plain text when the "file" command 
on its own reports something quite different (such as an MPEG movie 
file). Grab one of the rogue attachments from your quarantine and do a 
"file" on it and a "file -i" on it and you'll probably see the difference.

This is all supported within filetype.rules.conf. You just need to set 
it up right.

> Kai
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list