(no subject)
Glenn Steen
glenn.steen at gmail.com
Tue Oct 4 08:55:58 IST 2011
Den 3 okt 2011 15:57 skrev "Johan Hendriks" <Johan at double-l.nl>:
>
> >Hi guys
> >
> >I'm having problems with text being detected as MPEG files.
> >The error I'm getting from MS is:
> >
> >The following e-mails were found to have: Bad Filename Detected
> >
> > Sender: xxxxx at example.com
> >IP Address: 192.168.0.210
> > Recipient: yyyyy at example.>org
> > Subject: RE: Statistik
> > MessageID: p937N5Zx000344
> >Quarantine: /var/spool/MailScanner/quarantine/20111003/p937N5Zx000344
> > Report: MailScanner: No MPEG movies allowed (msg-2048-10.txt)
> >
> >This has been up before, but can't seem to find the solution.
> >
> >Any clues on how to handle this?
> >
> >The first couple of lines in the file is ( ? = danish character æ ):
> >
> >V?rsgo
> >
> >Glostrup Pakke blev ikke solgt i denne periode...
> >
> >The first 8 bytes of 'msg-2048-10.txt' in HEX are:
> >
> >00000000 56 E6 72 73 ¦ 67 6F 0A 20
> >
> >Using the file command, i get:
> >
> ># file msg-2048-10.txt
> >msg-2048-10.txt: MPEG-4 LOAS
> >
> >Adding an -i parameter give:
> >
> ># file -i msg-2048-10.txt
> >msg-2048-10.txt: audio/x-mp4a-latm; charset=iso-8859-1
> >
> ># MailScanner -V
> >Running on
> >Linux gphgw 2.6.30.5 #1 SMP PREEMPT Mon Sep 14 11:49:43 CEST 2009
> >i686 Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz GenuineIntel GNU/Linux
> >
> >This is Perl version 5.010001 (5.10.1)
> >This is MailScanner version 4.82.6
> >SpamAssassin 3.3.1
> >
> >All perl modules are up to date.
> >
> >--
> >Later
> >
> >Mogens Melander
>
> As far as i know, it is not clamav that Marks this as a non deliverable
mail but Mailscanner itself.
Mogens (and possibly your) problem is not caused by clam itself, but is a
side effect of presenting clam with the message text as a separate
file/attachment. Doing that means that all filters (including the file
command) will be run on that file... Fine for the anglophones, less good for
greek, danish, swedish etc, since common phrases will trigger ... naive ...
magic strings. So you can attack the problem two ways:
- tell MS not to store the message text for scanning, or
- change the magic strings to be less naive.
In the case of microsoft com executables, the magic is real bad, often
consisting of a singel byte of data, so there I'd recommend the latter
approach... Or turn off and be done using clam for spam, more or less;-)
Cheers
--
-- Glenn
> I have the same problem, but on my systems (FreeBSD) these file manifest
themselves as .com aka executeables.
>
> Sender: xxxx at yyyy.com
> IP Address: 85.233.160.19
> Recipient: aaaaaa at bbbbbbb.com
> Subject: ??: {Filename?} ??: ??? ????
> MessageID: 6CE3ED46417.AFAF9
> Quarantine: /var/spool/MailScanner/quarantine/20110929/6CE3ED46417.AFAF9
> Report: MailScanner: No programs allowed (msg-85973-48.txt)
>
> I still have not find a way to let them pass without allowing executeables
for the domains that send them.
>
> Regards
> Johan Hendriks
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111004/62c14e6b/attachment.html
More information about the MailScanner
mailing list