Files being blocked despite configuration changes

[Glenn Steen]

2009/6/26 Kaplan, Andrew H. <AHKAPLAN at partners.org>:
>
> Hi there --
>
> I received a request to have .dat files be allowed through our mail server.
> Files of this type
> were normally sent to quarantine with an e-mail notification report stating
> the following:
>
> Report: MailScanner: No programs allowed (set.dat)
> Report: MailScanner: No programs allowed (set.dat)
>
> I reconfigured the filename.rules.conf and filetype.rules.conf files to
> allow the above file
> types to pass through without problem. Listed below are the syntaxes from
> each of the
> configuration files:
>
> filename.rules.conf
> # Physics has requested that files of this type be allowed...
> allow   \.dat$
>
> filetype.rules.conf
> allow   dat             -                       Physics requested these be
> allowed
>
> Once these changes were made, MailScanner along with the mailserver,
> Sendmail, were
> restarted via the /etc/init.d/MailScanner script. There were no failed
> messages appearing
> on-screen when this occurred.
>
> The problem is the following: even though the files in question have been
> configured to
> be allowed, they are still being blocked and sent to quarantine. The version
> of MailScanner
> is 4.72.5 while that of Sendmail is 8.14.1.
>
> What other steps and/or
> corrections do I need to make in order to fix this? Thanks.
>
The file command doesn't know what "dat" is... It finds the "magic"
strings/bytes that identify it as some type of executable (just run
file on the quarantined file, if you store them, and you'll see). This
might be due to the file actually being an executable, or accidentally
triggering one of the more optimistic one-byte-magics ... in which
case you either face editing/recompiling your magic file, or switching
to "file -i" for file type purposes. The latter might be best.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se