Russian KOI8-R from GMail users blocked
Joolee
mailscanner at joolee.nl
Mon Jun 11 15:59:00 IST 2012
file -i correctly returns text/plain. The charset isn't correct but that's
no problem.
The entry in my mailscanner.conf was simply:
> # Where the "file" command is installed.
> # This is used for checking the content type of files, regardless of their
> # filename.
> # To disable Filetype checking, set this value to blank.
> File Command = /usr/bin/file
>
I changed this to /usr/bin/file -i to try if it works.
Can Mailscanner use this output with default rulesets?
> allow text - -
> allow \bscript - -
> allow archive - -
> allow postscript - -
> deny self-extract No self-extracting archives No self-extracting
> archives allowed
> deny executable No executables No programs allowed 1
> #EXAMPLE: deny - x-dosexec No DOS executables No DOS programs allowed
> #deny ELF No executables No programs allowed
> deny Registry No Windows Registry entries No Windows Registry files
> allowed
>
> #deny MPEG No MPEG movies No MPEG movies allowed
> #deny AVI No AVI movies No AVI movies allowed
> #deny MNG No MNG/PNG movies No MNG movies allowed
> #deny QuickTime No QuickTime movies No QuickTime movies allowed
> #deny ASF No Windows media No Windows media files allowed
> #deny metafont No Windows Metafont drawings No WMF drawings allowed
>
I can't find a translation table anywhere so I think Mailscanner compares
these entry's directly with 'file' command's output.
On 8 June 2012 13:16, Martin Hepworth <maxsec at gmail.com> wrote:
> What version of mailScanner are you using?
>
> this sounds like an issue that was fixed along time ago by using "file -i"
> rather the "file" to get the mime type.
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
>
> On 8 June 2012 09:41, Joolee <mailscanner at joolee.nl> wrote:
>
>> I found out that it's just the file command and especially my magic file
>> that identifies the E-mails as executable.
>>
>> root at giselle:/usr/share/file# /usr/bin/file
>> /var/spool/MailScanner/quarantine/20120608/BF8292586.AA876/msg-14738-61.txt
>> /var/spool/MailScanner/quarantine/20120608/BF8292586.AA876/msg-14738-61.txt:
>> DOS executable (COM)
>>
>> My file version is 5.04 (newest in Ubuntu repo but there are newer ones
>> in ftp.astron.com) but I can't find out where I can get the newest
>> magic.mgc file. The files on the ftp server have to be compiled first.
>>
>>
>> On 8 June 2012 10:01, Andrew Colin Kissa <andrew at topdog.za.net> wrote:
>>
>>>
>>> On 08 Jun 2012, at 9:20 AM, Joolee wrote:
>>>
>>> > The E-mails itself are valid E-mails from Russian GMail users that are
>>> encoded with the KOI8-R encoding.. I can send a sample off list if anyone
>>> is interested.
>>>
>>> Send me the sample i will investigate.
>>>
>>> - Andrew
>>>
>>> --
>>> www.baruwa.org
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120611/6391dc2e/attachment.html
More information about the MailScanner
mailing list