FileType rules show executable even though file shows data -- Please help fix.

Mark Sapiro mark at msapiro.net
Wed Jul 7 02:05:43 IST 2010


On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
> 
> The DOS warning is correct -- from the file command. The problem is that that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny    executable      No executables          No executables allowed


As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.

 
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
> 
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
> 
> deny    -       x-dosexec       No DOS executables      No DOS programs allowed


The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.


 
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.


The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.


> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.


Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.

I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.



> I could really use help here.
> 
> p
> 
> 
> ----- Original Message -----
> 
> > From: "Denis Beauchemin" <Denis.Beauchemin at USherbrooke.ca>
> > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Sent: Tuesday, July 6, 2010 12:57:49 PM
> > Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
> > 
> > On 2010-07-06 15:14, Peter Ong wrote:
> > > I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
> > >
> > > p
> > >
> > > ----- Original Message -----
> > >
> > >> From: "Peter Ong"<peter.ong at hypermediasystems.com>
> > >> To: "MailScanner discussion"<mailscanner at lists.mailscanner.info>
> > >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> > >> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
> > >>
> > >> I am thoroughly confused.
> > >>
> > >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> > >>
> > >> It is not getting caught on this line in the logs... it clearly says "No programs allowed".
> > >>
> > >> Is there documentation somewhere I'm neglecting to read?
> > >>
> > >> p
> > 
> > Peter,
> > 
> > A "DOS executable" is a program. Thus the warning is telling the
> > truth.
> > 
> > Denis
> > 
> > -- 
> > Denis Beauchemin, analyst
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x62252 F: 819.821.8045


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
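
The field handling described in this reply, as an added example that is not part of the original message and not MailScanner's own code: it parses the three rules quoted in the thread and lists every rule whose regexp matches the `file` output and MIME type reported for the message. It assumes a `-` regexp field means "not used", and it does not model which matching rule MailScanner finally applies; `parse_rule` and `matching_rules` are hypothetical names.

```python
import re

# Constructed sample built from the three rules quoted in this thread.
# Fields are tab-delimited, as the reply states.
RULES = "\n".join([
    "deny\texecutable\tNo executables\tNo executables allowed",
    "deny\t-\tx-dosexec\tNo DOS executables\tNo DOS programs allowed",
    "allow\t-\ttext/x-mail\t-\t-",
])


def parse_rule(line):
    """Split one rule into (action, file_regexp, mime_regexp, log, report)."""
    fields = line.split("\t")
    if len(fields) == 4:
        action, file_re, log, report = fields
        mime_re = "-"  # 4-field rule: there is no MIME regexp
    elif len(fields) == 5:
        action, file_re, mime_re, log, report = fields
    else:
        raise ValueError("expected 4 or 5 tab-delimited fields: %r" % line)
    return action, file_re, mime_re, log, report


def matching_rules(rules_text, file_output, mime_type):
    """Return (action, matched_on, report) for every rule that matches."""
    hits = []
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        action, file_re, mime_re, _log, report = parse_rule(line)
        # Assumption: "-" means "regexp not used"; matching is unanchored.
        if file_re != "-" and re.search(file_re, file_output):
            hits.append((action, "file", report))
        elif mime_re != "-" and re.search(mime_re, mime_type):
            hits.append((action, "mime", report))
    return hits


if __name__ == "__main__":
    # Values reported in the thread for msg-16388-1.txt.
    for hit in matching_rules(RULES, "DOS executable (COM)", "text/x-mail"):
        print(hit)
```

A rules line whose fields are separated by spaces instead of tabs parses as a single field and is rejected with `ValueError`.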

