FileType rules show executable even though file shows data -- Please help fix.

Peter Ong peter.ong at hypermediasystems.com
Tue Jul 6 19:05:17 IST 2010


I am thoroughly confused.

./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)

It is not getting caught on this line in the logs... it clearly says "No programs allowed".

Is there documentation somewhere I'm neglecting to read?

p

----- Original Message -----

> From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
> 
> It's talking about the attachment in the message, not the message 
> body+headers itself.
> 
> Do a "file" on msg-16388-1.txt (not a "file -i").
> 
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the filetype.conf.rules file:
> > At Tue Jul  6 08:29:47 2010 the virus scanner said:
> >     MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [root at gateway005.inf 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [root at gateway005.inf 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> > These are the contents of my filetype.conf.rules file:
> >
> > allow   -       text    -       -
> > allow   -       text    -       -
> > allow   -       text/x-mail     -       -
> > allow   -       text/plain      -       -
> > allow   -       message/rfc822  -       -
> > allow   -       text/x-mail     -       -
> > allow   -       text/x-mail; charset=unknown    -       -<<<<<<<<<<<<<<<  I added this
> > allow   -       text/plain      -       -
> > allow   -       text/plain; charset=unknown     -       -
> > allow   -       text/plain; charset=iso-8859-1  -       -
> > allow   -       text/plain; charset=utf-8       -       -
> > allow   -       text/plain; charset=iso-8859-1  -       -
> > allow   text    text/x-mail     -       -
> > allow   text    text/plain      -       -
> > allow   text    message/rfc822  -       -
> > allow   data    text/x-mail; charset=unknown    -       -<<<<<<<<<<<<<<  I added this
> > allow   data    text/x-mail     -       -
> > allow   data    text/plain      -       -
> > allow   data    text/plain; charset=unknown     -       -
> > allow   data    text/plain; charset=iso-8859-1  -       -
> > allow   data    text/plain; charset=utf-8       -       -
> > allow   RFC 822 mail text       text/plain; charset=iso-8859-1  -       -
> >
> > allow   text            -                       -
> > allow   data            -                       -
> > allow   \bscript        -                       -
> > allow   archive         -                       -
> > allow   postscript      -                       -
> > deny    self-extract    No self-extracting archives     No self-extracting archives allowed
> > deny    executable      No executables          No executables allowed<<<<<<<<<<<<<<<<<<<  keeps getting caught here...
> > #EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS programs allowed
> > deny    -       x-dosexec       No DOS executables      No DOS programs allowed
> > deny    ELF             No executables          No programs allowed
> > deny    Registry        No Windows Registry entries     No Windows Registry files allowed
> >
> > #deny   MPEG            No MPEG movies          No MPEG movies allowed
> > #deny   AVI             No AVI movies           No AVI movies allowed
> > #deny   MNG             No MNG/PNG movies       No MNG movies allowed
> > #deny   QuickTime       No QuickTime movies     No QuickTime movies allowed
> > #deny   ASF             No Windows media        No Windows media files allowed
> > #deny   metafont        No Windows Metafont drawings    No WMF drawings allowed
> >
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> 
> 

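Added example, not part of the original thread and not MailScanner's own code: a simplified Python model of the description-column rules at the end of the posted file, run against the three strings the thread reports (`file` on the queue file, `file -i` on the attachment, `file` on the attachment). It assumes ordered, first-match-wins, case-insensitive regex matching against the text `file` prints; `first_match` and `verdict` are hypothetical names.

```python
import re

# Description-column rules copied from the tail of the posted file:
# (action, pattern matched against `file` output, log text, user report text)
RULES = [
    ("allow", r"text", "-", "-"),
    ("allow", r"data", "-", "-"),
    ("allow", r"\bscript", "-", "-"),
    ("allow", r"archive", "-", "-"),
    ("allow", r"postscript", "-", "-"),
    ("deny", r"self-extract", "No self-extracting archives",
     "No self-extracting archives allowed"),
    ("deny", r"executable", "No executables", "No executables allowed"),
    ("deny", r"ELF", "No executables", "No programs allowed"),
    ("deny", r"Registry", "No Windows Registry entries",
     "No Windows Registry files allowed"),
]


def first_match(description, rules=RULES):
    """Return the first rule whose pattern occurs in the description.

    Assumed semantics (not taken from MailScanner's source): rules are
    tried top to bottom, the first hit decides, matching ignores case.
    """
    for rule in rules:
        if re.search(rule[1], description, re.IGNORECASE):
            return rule
    return None


def verdict(description):
    """Return (action, matching pattern, user report text) for a description."""
    rule = first_match(description)
    if rule is None:
        return ("no-match", None, None)
    action, pattern, _log_text, report = rule
    return (action, pattern, report)


# Strings reported in the thread, keyed by the command that produced them.
SAMPLES = {
    "file 64BCE572B7": "data",
    "file -i msg-16388-1.txt": "text/x-mail; charset=unknown",
    "file msg-16388-1.txt": "DOS executable (COM)",
}

if __name__ == "__main__":
    for command, output in SAMPLES.items():
        print(f"{command:26} -> {output!r:34} {verdict(output)}")
```

In this model only the plain `file` description of msg-16388-1.txt reaches a deny rule, and the report text it yields for the rules as posted is "No executables allowed".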
