Filetype Checks: No executables on Japanese Emails

Alex Broens ms-list at alexb.ch
Wed Jun 2 22:03:46 IST 2010 

On 2010-06-02 20:50, Peter Ong wrote:
> Actually, I just figured it out. I looked in the filetyperules file
> and the description gave me a clue of what to do. It worked.
> 
> But yes, it's the first two bytes. I know only by man file. Hehehe

My users get lots of these

File Command = /usr/bin/file -i

( -i, --mime                 output mime type strings)


fixed it elegantly without touching the magic strings.
(thanks to a hint from the list archive)

h2h

Alex


> ----- Original Message -----
> 
>> From: "Alex Neuman" <alex at rtpty.com> To: "MailScanner discussion"
>> <mailscanner at lists.mailscanner.info> Sent: Wednesday, June 2, 2010
>> 11:42:41 AM Subject: Re: Filetype Checks: No executables on
>> Japanese Emails
>> 
>> Can you tell which are the two bytes it thinks are indicators of a
>> DOS COM file and fix the magic file?
>> 
>> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
>> 
>>> Hello Everyone,
>>> 
>>> How does one configure MailScanner such that this does not occur?
>>> 
>> Allow me to explain. The output below is the product of
>> /usr/bin/file. I like this feature because it let's us discover the
>> type of the file even if it is renamed to .txt. However, some
>> Japanese emails when they are written a certain way cause this:
>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks:
>>> No
>> executables (CBD9757287.ACE77 msg-27972-9.txt)
>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire
>>> message
>> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
>> "msg-27972-9.txt" to 
>> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
>> CBD9757287.ACE77 to 75104572B2
>>> What happens is the file named message will be quarantined along
>> with msg-27972-9.txt which is actually the same message. When I run
>>  /usr/bin/file on "message" it tells me it's an email text message.
>> But when I run it on msg-27972-9.txt it tells me it is a DOS COM
>> file. The /usr/bin/file command decides the filetype by looking at
>> the first 2 bytes of the file. To mitigate this, I have told users
>> to type an empty line or two blank spaces before they begin their
>> japanese emails. However, this is not a graceful solution. Would
>> anyone have a better suggestion? Thank you.
>>> p -- MailScanner mailing list mailscanner at lists.mailscanner.info 
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> 
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> 
>>> Support MailScanner development - buy the book off the website!
>> -- MailScanner mailing list mailscanner at lists.mailscanner.info 
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list