Filetype Checks: No executables on Japanese Emails

Peter Ong peter.ong at hypermediasystems.com
Wed Jun 2 19:31:58 IST 2010


Hello Everyone,

How does one configure MailScanner such that this does not occur? Allow me to explain. The output below is the product of /usr/bin/file. I like this feature because it lets us discover the type of the file even if it is renamed to .txt. However, some Japanese emails, when they are written a certain way, cause this:

Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks: No executables (CBD9757287.ACE77 msg-27972-9.txt)
Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire message to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected "msg-27972-9.txt" to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue: CBD9757287.ACE77 to 75104572B2

What happens is the file named message will be quarantined along with msg-27972-9.txt, which is actually the same message. When I run /usr/bin/file on "message" it tells me it's an email text message. But when I run it on msg-27972-9.txt it tells me it is a DOS COM file. The /usr/bin/file command decides the filetype by looking at the first 2 bytes of the file. To mitigate this, I have told users to type an empty line or two blank spaces before they begin their Japanese emails. However, this is not a graceful solution. Would anyone have a better suggestion? Thank you.

p
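
Added example (not part of the original post, and not MailScanner code): a small triage script that reads MailScanner syslog lines like the ones quoted above and separates "Filetype Checks" hits on message body parts from hits on named attachments, so suspected false positives can be pulled from quarantine for review. It assumes that a part named msg-<pid>-<n>.txt, where <pid> matches the logging MailScanner process, is an unnamed body part, as the log in the post suggests; the last sample line is constructed for contrast.

```python
import re

# First four lines are the log lines from the post; the fifth is CONSTRUCTED.
SAMPLE_LOG = """\
Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks: No executables (CBD9757287.ACE77 msg-27972-9.txt)
Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire message to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected "msg-27972-9.txt" to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue: CBD9757287.ACE77 to 75104572B2
Jun  2 11:09:02 gateway005 MailScanner[27972]: Filetype Checks: No executables (0000000000.00000 setup.txt)
"""

HIT = re.compile(r"MailScanner\[(?P<pid>\d+)\]: Filetype Checks: (?P<rule>.+?) "
                 r"\((?P<qid>\S+) (?P<part>.+)\)$")
SAVED = re.compile(r"MailScanner\[\d+\]: Saved entire message to (?P<dir>\S+)$")
# Assumption: unnamed body parts are written out as msg-<pid>-<n>.txt.
BODY_PART = re.compile(r"^msg-(?P<pid>\d+)-\d+\.txt$")


def triage(log_text):
    """Return one dict per Filetype Checks hit, flagged if it is a body part."""
    quarantine = {}   # queue id -> quarantine directory
    hits = []
    for line in log_text.splitlines():
        saved = SAVED.search(line)
        if saved:
            # The last path component of the quarantine directory is the queue id.
            quarantine[saved["dir"].rsplit("/", 1)[-1]] = saved["dir"]
            continue
        hit = HIT.search(line)
        if hit:
            body = BODY_PART.match(hit["part"])
            hits.append({
                "qid": hit["qid"],
                "part": hit["part"],
                "rule": hit["rule"],
                # Body text flagged as executable: likely a false positive.
                "body_part": bool(body and body["pid"] == hit["pid"]),
            })
    for h in hits:
        h["quarantine"] = quarantine.get(h["qid"])
    return hits


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        label = "REVIEW (body part)" if h["body_part"] else "attachment"
        print(f'{h["qid"]}  {h["part"]:<18} {label}  {h["quarantine"] or "-"}')
```

Hits flagged as body parts are the ones to inspect first; a hit on a named attachment is the case the filetype check is meant to catch.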

