FileType rules show executable even though file shows data -- Please help fix.

Peter Ong peter.ong at hypermediasystems.com
Tue Jul 6 16:43:18 IST 2010


Hello Everyone,

I really need help on this filetype issue.

First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".

I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul  6 08:29:47 2010 the virus scanner said:
   MailScanner: No programs allowed (msg-16388-1.txt)


Proof:
[root at gateway005.inf 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data

[root at gateway005.inf 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown

HELP!!! What can I do? Thank you in advance.









These are the contents of my filetype.conf.rules file:



allow   -       text    -       -
allow   -       text    -       -
allow   -       text/x-mail     -       -
allow   -       text/plain      -       -
allow   -       message/rfc822  -       -
allow   -       text/x-mail     -       -
allow   -       text/x-mail; charset=unknown    -       - <<<<<<<<<<<<<<< I added this
allow   -       text/plain      -       -
allow   -       text/plain; charset=unknown     -       -
allow   -       text/plain; charset=iso-8859-1  -       -
allow   -       text/plain; charset=utf-8       -       -
allow   -       text/plain; charset=iso-8859-1  -       -
allow   text    text/x-mail     -       -
allow   text    text/plain      -       -
allow   text    message/rfc822  -       -
allow   data    text/x-mail; charset=unknown    -       - <<<<<<<<<<<<<< I added this
allow   data    text/x-mail     -       -
allow   data    text/plain      -       -
allow   data    text/plain; charset=unknown     -       -
allow   data    text/plain; charset=iso-8859-1  -       -
allow   data    text/plain; charset=utf-8       -       -
allow   RFC 822 mail text       text/plain; charset=iso-8859-1  -       -

allow   text            -                       -
allow   data            -                       -
allow   \bscript        -                       -
allow   archive         -                       -
allow   postscript      -                       -
deny    self-extract    No self-extracting archives     No self-extracting archives allowed
deny    executable      No executables          No executables allowed    <<<<<<<<<<<<<<<<<<< keeps getting caught here... 
#EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS programs allowed
deny    -       x-dosexec       No DOS executables      No DOS programs allowed
deny    ELF             No executables          No programs allowed
deny    Registry        No Windows Registry entries     No Windows Registry files allowed

#deny   MPEG            No MPEG movies          No MPEG movies allowed
#deny   AVI             No AVI movies           No AVI movies allowed
#deny   MNG             No MNG/PNG movies       No MNG movies allowed
#deny   QuickTime       No QuickTime movies     No QuickTime movies allowed
#deny   ASF             No Windows media        No Windows media files allowed
#deny   metafont        No Windows Metafont drawings    No WMF drawings allowed


More information about the MailScanner mailing list