Filetype Checks: No executables on Japanese Emails

Peter Ong peter.ong at hypermediasystems.com
Wed Jun 2 19:50:23 IST 2010 

Actually, I just figured it out. I looked in the filetyperules file and the description gave me a clue of what to do. It worked.

But yes, it's the first two bytes. I know only by man file. Hehehe

p

----- Original Message -----

> From: "Alex Neuman" <alex at rtpty.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Wednesday, June 2, 2010 11:42:41 AM
> Subject: Re: Filetype Checks: No executables on Japanese Emails
> 
> Can you tell which are the two bytes it thinks are indicators of a DOS
> COM file and fix the magic file?
> 
> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
> 
> > Hello Everyone,
> > 
> > How does one configure MailScanner such that this does not occur?
> Allow me to explain. The output below is the product of /usr/bin/file.
> I like this feature because it let's us discover the type of the file
> even if it is renamed to .txt. However, some Japanese emails when they
> are written a certain way cause this:
> > 
> > Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks: No
> executables (CBD9757287.ACE77 msg-27972-9.txt)
> > Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire message
> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> > Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
> "msg-27972-9.txt" to
> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> > Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
> CBD9757287.ACE77 to 75104572B2
> > 
> > What happens is the file named message will be quarantined along
> with msg-27972-9.txt which is actually the same message. When I run
> /usr/bin/file on "message" it tells me it's an email text message. But
> when I run it on msg-27972-9.txt it tells me it is a DOS COM file. The
> /usr/bin/file command decides the filetype by looking at the first 2
> bytes of the file. To mitigate this, I have told users to type an
> empty line or two blank spaces before they begin their japanese
> emails. However, this is not a graceful solution. Would anyone have a
> better suggestion? Thank you.
> > 
> > p
> > -- 
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > 
> > Before posting, read http://wiki.mailscanner.info/posting
> > 
> > Support MailScanner development - buy the book off the website! 
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list