Files being blocked despite configuration changes

Glenn Steen glenn.steen at
Wed Jul 8 00:06:57 IST 2009

2009/7/6 Kaplan, Andrew H. <AHKAPLAN at>:
> Hi there --
> Thanks for your reply, and my apologies for not getting back you sooner. I was
> on vacation last week. I had a question on how would I go about implementing
Hi Andrew,

I'm on a rather less that relaxing vacation myself (helping a relative
repanel&paint a rather huge economy building (double garage, old
carpentry shop (kind of late 19-th centuy design), wood shed, etc
etc... The darned thing measures about 25x8 meters and is about 10 m
high)), so ... I'll try shift from hammers and nails to MS:-)

> your
> suggested "file -i" method. Would it be simply a matter of adding an argument
> to the /etc/init.d/MailScanner and/or /etc/sysconfig/MailScanner files, or is
> there another suggested method?

All you should need do, IIRC is to change the File Command setting in
MailScanner.conf, and perhaps look at/amend a few things in the
filetype.rules conf file (don't remember exactly). Some find that the
shift to mimetype detection become a bit too permissive (letting some
executables past...), so you should test it as thoroughly as possible.
Rather recently some kind soul posted a diff, to this list, for
removing the troublesome one-byte magics... That you might be able to
use, instead of switching to file -i.

> -----Original Message-----
> From: mailscanner-bounces at
> [mailto:mailscanner-bounces at] On Behalf Of Glenn Steen
> Sent: Saturday, June 27, 2009 6:54 PM
> To: MailScanner discussion
> Subject: Re: Files being blocked despite configuration changes
> 2009/6/26 Kaplan, Andrew H. <AHKAPLAN at>:
>> Hi there --
>> I received a request to have .dat files be allowed through our mail server.
>> Files of this type
>> were normally sent to quarantine with an e-mail notification report stating
>> the following:
>> Report: MailScanner: No programs allowed (set.dat)
>> Report: MailScanner: No programs allowed (set.dat)
>> I reconfigured the filename.rules.conf and filetype.rules.conf files to
>> allow the above file
>> types to pass through without problem. Listed below are the syntaxes from
>> each of the
>> configuration files:
>> filename.rules.conf
>> # Physics has requested that files of this type be allowed...
>> allow   \.dat$
>> filetype.rules.conf
>> allow   dat             -                       Physics requested these be
>> allowed
>> Once these changes were made, MailScanner along with the mailserver,
>> Sendmail, were
>> restarted via the /etc/init.d/MailScanner script. There were no failed
>> messages appearing
>> on-screen when this occurred.
>> The problem is the following: even though the files in question have been
>> configured to
>> be allowed, they are still being blocked and sent to quarantine. The version
>> of MailScanner
>> is 4.72.5 while that of Sendmail is 8.14.1.
>> What other steps and/or
>> corrections do I need to make in order to fix this? Thanks.
> The file command doesn't know what "dat" is... It finds the "magic"
> strings/bytes that identify it as some type of executable (just run
> file on the quarantined file, if you store them, and you'll see). This
> might be due to the file actually being an executable, or accidentally
> triggering one of the more optimistic one-byte-magics ... in which
> case you either face editing/recompiling your magic file, or switching
> to "file -i" for file type purposes. The latter might be best.
> Cheers

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list