FileType rules show executable even though file shows data -- Please help fix.

Peter Ong peter.ong at hypermediasystems.com
Tue Jul 6 20:14:02 IST 2010


I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.

p

----- Original Message -----

> From: "Peter Ong" <peter.ong at hypermediasystems.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
> 
> I am thoroughly confused.
> 
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> 
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
> 
> Is there documentation somewhere I'm neglecting to read?
> 
> p
> 
> ----- Original Message -----
> 
> > From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
> > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Sent: Tuesday, July 6, 2010 10:00:13 AM
> > Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
> >
> > It's talking about the attachment in the message, not the message
> > body+headers itself.
> >
> > Do a "file" on msg-16388-1.txt (not a "file -i").
> >
> > On 06/07/2010 16:43, Peter Ong wrote:
> > > Hello Everyone,
> > >
> > > I really need help on this filetype issue.
> > >
> > > First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
> > >
> > > I keep getting this message even after I have edited the filetype.conf.rules file:
> > > At Tue Jul  6 08:29:47 2010 the virus scanner said:
> > >     MailScanner: No programs allowed (msg-16388-1.txt)
> > >
> > >
> > > Proof:
> > > [root at gateway005.inf 64BCE572B7.A0F44]# file 64BCE572B7
> > > 64BCE572B7: data
> > >
> > > [root at gateway005.inf 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > > msg-16388-1.txt: text/x-mail; charset=unknown
> > >
> > > HELP!!! What can I do? Thank you in advance.
> > >
> > > These are the contents of my filetype.conf.rules file:
> > >
> > > allow   -       text    -       -
> > > allow   -       text    -       -
> > > allow   -       text/x-mail     -       -
> > > allow   -       text/plain      -       -
> > > allow   -       message/rfc822  -       -
> > > allow   -       text/x-mail     -       -
> > > allow   -       text/x-mail; charset=unknown    -       -  <<<<<<<<<<<<<<<  I added this
> > > allow   -       text/plain      -       -
> > > allow   -       text/plain; charset=unknown     -       -
> > > allow   -       text/plain; charset=iso-8859-1  -       -
> > > allow   -       text/plain; charset=utf-8       -       -
> > > allow   -       text/plain; charset=iso-8859-1  -       -
> > > allow   text    text/x-mail     -       -
> > > allow   text    text/plain      -       -
> > > allow   text    message/rfc822  -       -
> > > allow   data    text/x-mail; charset=unknown    -       -  <<<<<<<<<<<<<<  I added this
> > > allow   data    text/x-mail     -       -
> > > allow   data    text/plain      -       -
> > > allow   data    text/plain; charset=unknown     -       -
> > > allow   data    text/plain; charset=iso-8859-1  -       -
> > > allow   data    text/plain; charset=utf-8       -       -
> > > allow   RFC 822 mail text       text/plain; charset=iso-8859-1  -       -
> > >
> > > allow   text            -                       -
> > > allow   data            -                       -
> > > allow   \bscript        -                       -
> > > allow   archive         -                       -
> > > allow   postscript      -                       -
> > > deny    self-extract    No self-extracting archives     No self-extracting archives allowed
> > > deny    executable      No executables          No executables allowed  <<<<<<<<<<<<<<<<<<<  keeps getting caught here...
> > > #EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS programs allowed
> > > deny    -       x-dosexec       No DOS executables      No DOS programs allowed
> > > deny    ELF             No executables          No programs allowed
> > > deny    Registry        No Windows Registry entries     No Windows Registry files allowed
> > >
> > > #deny   MPEG            No MPEG movies          No MPEG movies allowed
> > > #deny   AVI             No AVI movies           No AVI movies allowed
> > > #deny   MNG             No MNG/PNG movies       No MNG movies allowed
> > > #deny   QuickTime       No QuickTime movies     No QuickTime movies allowed
> > > #deny   ASF             No Windows media        No Windows media files allowed
> > > #deny   metafont        No Windows Metafont drawings    No WMF drawings allowed
> > >
> >
> > Jules
> >
> > --
> > Julian Field MEng CITP CEng
> > www.MailScanner.info


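Added example, not part of the thread and not MailScanner's own code: a small first-match evaluator that keeps apart the two columns Julian's reply distinguishes, the plain "file" description and the "file -i" MIME type. The field layout (4 or 5 fields, "-" meaning unused), the case-insensitive unanchored matching and the names parse_rules and first_match are assumptions; the rules are a constructed subset of those quoted above.

```python
import re

# Constructed sample: a subset of the rules quoted in the thread, same order.
# The real file is tab-separated; runs of spaces are accepted as well.
RULES_TEXT = r"""
allow   -       text/x-mail; charset=unknown    -       -
allow   data    text/plain      -       -
allow   text            -                       -
allow   data            -                       -
allow   \bscript        -                       -
deny    self-extract    No self-extracting archives     No self-extracting archives allowed
deny    executable      No executables          No executables allowed
deny    -       x-dosexec       No DOS executables      No DOS programs allowed
deny    ELF             No executables          No programs allowed
"""

def parse_rules(text):
    """Return dicts with action, desc, mime, log, report. Assumed layout:
    4 fields = action, file-description regex, log text, report text;
    5 fields = the same with a MIME regex in third position."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = re.split(r"\t+| {2,}", line)
        if len(f) == 4:
            f.insert(2, "-")  # no MIME column given
        if len(f) != 5:
            raise ValueError("unexpected field count: " + line)
        rules.append(dict(zip(("action", "desc", "mime", "log", "report"), f)))
    return rules

def first_match(rules, column, value):
    """First rule whose pattern in `column` is set ("-" means unused) and
    matches `value`. Assumes case-insensitive, unanchored regex matching."""
    for rule in rules:
        pat = rule[column]
        if pat != "-" and re.search(pat, value, re.IGNORECASE):
            return rule
    return None

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # Outputs quoted in the thread for msg-16388-1.txt
    for column, value in (("desc", "DOS executable (COM)"),
                          ("mime", "text/x-mail; charset=unknown")):
        hit = first_match(rules, column, value)
        print(column, repr(value), "->", hit and (hit["action"], hit["report"]))
```

For the values quoted in the thread, the description column stops at the "deny executable" rule while the MIME column stops at an "allow" rule. Comparing the matched rule's report text with the text in the notification is a quick check on which rule, and which rules file, produced it.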