FileType rules show executable even though file shows data -- Please help fix.

Peter Ong peter.ong at hypermediasystems.com
Wed Jul 7 21:32:33 IST 2010


Hi Mark,

Thanks for that. Help me clarify a few things:

> As it should because the output of "file msg-16388-1.txt" is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.

I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?

> > There are two lines that show "No programs allowed", but I changed
> > one to say "No executables allowed" so depending on the error message
> > I know that it failed on one of them, and it does fail on the "No
> > executables" line.
> > 
> > I only ran file on the msg file because Julian suggested it, and for
> > everyone's edification, I posted the result here. The fact that the
> > file command shows DOS executable (COM) should trigger the correct
> > line in the error message which is:
> > 
> > deny    -       x-dosexec       No DOS executables      No DOS programs allowed

I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny    executable      No executables          No executables allowed

This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.

> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.

Can someone explain how these fields work? The instructions on top of the file are too terse for me.

The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.

I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.

> I think the reason your "allow - text/x-mail - -" rules don't work is
> that FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.

Can you please explain what you mean by this?

p
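
Added example, not part of the original message and not MailScanner code: a small Python model of the matching described in the quoted replies, run on the "file" and "file -i" results reported in this thread. It assumes tab-separated fields, that "-" marks an unused pattern, and that a rule with both patterns set needs both to match; parse_rule, rule_matches and matching_rules are hypothetical names.

```python
import re

# Rules quoted in this thread, written tab-separated (assumed file format).
RULES = [
    "deny\texecutable\tNo executables\tNo executables allowed",
    "deny\t-\tx-dosexec\tNo DOS executables\tNo DOS programs allowed",
    "allow\t-\ttext/x-mail\t-\t-",
]

def parse_rule(line):
    """Split a rule into its action, the two patterns and the two texts."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) == 4:      # 4-field rule: no MIME pattern
        action, file_re, log_text, report = fields
        mime_re = "-"
    elif len(fields) == 5:    # 5-field rule: third field is the MIME pattern
        action, file_re, mime_re, log_text, report = fields
    else:
        raise ValueError(f"expected 4 or 5 tab-separated fields: {line!r}")
    return {"action": action, "file_re": file_re, "mime_re": mime_re,
            "log": log_text, "report": report}

def rule_matches(rule, file_output, mime_output):
    """Unanchored regex search; "-" means the pattern is unused (assumption)."""
    checks = []
    if rule["file_re"] != "-":
        checks.append(re.search(rule["file_re"], file_output) is not None)
    if rule["mime_re"] != "-":
        checks.append(re.search(rule["mime_re"], mime_output) is not None)
    # Assumption: when both patterns are set, both must match.
    return bool(checks) and all(checks)

def matching_rules(file_output, mime_output, rules=RULES):
    """Return (action, log text) for every rule that matches, in file order."""
    parsed = [parse_rule(r) for r in rules]
    return [(r["action"], r["log"]) for r in parsed
            if rule_matches(r, file_output, mime_output)]

if __name__ == "__main__":
    # Values reported in the thread for msg-16388-1.txt.
    for action, log in matching_rules("DOS executable (COM)", "text/x-mail"):
        print(action, log)
```

The function lists every matching rule rather than stopping at the first; how MailScanner combines several matches into a final verdict is not modelled here.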

