filetype rules and pptx files

[Julian Field]

On 05/05/2009 22:01, Rick Cooper wrote:
> ----Original Message----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Paul
> Lemmons Sent: Tuesday, May 05, 2009 1:45 PM To:
> mailscanner at lists.mailscanner.info Subject: filetype rules and pptx files
>
>    
>> Our CIO (of all people) is trying to send a PowerPoint 2007 document and
>> it is getting rejected. It turns out that the .pptx file is really a zip
>> archive and within that archive there is a file named "0000.dat" which
>> is getting identified as a DOS executable. When I extract the file and
>> run the file command against it I get the following:
>>
>> $ file  0000.dat
>> 0000.dat: DOS executable (device driver) for DOS
>>
>> $ file -i 0000.dat
>> 0000.dat: text/plain charset=iso-8859-1
>>
>> When I look at the file itself, it appears to be a bunch of binary zeros.
>>
>> I have tried to to add the following line to the filetypes.rules file:
>>
>> allow   -               text\/plain             -                       -
>> allow   -               text/plain              -                       -
>>
>> with no success.
>>
>> I also tried adding  the following line to the filenames.rules file:
>>
>> allow   \.dat$                  -       -
>>
>> with no success.
>>
>> And to save time on an obvious question or two, Yes, I am using tabs
>> between fields and Yes I am restarting MailScanner after an update.
>>
>> I am hoping that it is something very simple that I am missing. Any
>> assistance would be greatly appreciated.
>>      
> You are going to have to pass it in the flietype rules as well. And you
> should be able to handle this failry easily with the latest version of MS
> and you won't have to allow raw files of this type through. The latest
> version allows you to apply rules specific to files within archives, and I
> think even speficy the type of archive to unarchive for checks as well.
>    
Correct.
But give the MIME type stuff a go as well, as "file -i" may produce a 
very different answer for your 0000.dat file from the output of the 
plain "file" command with no "-i".


Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.