MailScanner: allowing attachments identified as text/plain by file -i

Volker Dose vpdose at kirchenweg.de
Wed Aug 5 17:01:47 UTC 2015 

Hi Heino,

I double-checked the TABs, this was not the issue. Still wondering, why I cannot get this to work.

Do you have this special setting actually in use?

I will set up a clone of my machine and do some testing with a new, blank filetype.rules.conf.

Best regards
Volker

> Am 30.07.2015 um 14:12 schrieb Heino Backhaus <heino.backhaus at fink-computer.de>:
> 
> Hello Volker,
> 
> 
> > If the "mime type" *and* the filetype fields are both specified (and
> > are not "-")
> 
> I do not think that the dash is the source of the problem.
> Eventualy this is a case of spaces instead of tabs.
> Please double check that you've used Tabs. Otherwise
> the line is ignored.
> 
> # NOTE: Fields are separated by TAB characters --- Important!
> 
> This can happen easily by editing the configfile in a Putty-Session
> with vi and using copy and paste.
> I had a similar thing today.
> 
> Mit freundlichen Gruessen
> 
> H. Backhaus
> 
> Fink-Computer Systeme
> Heggrabenstr. 9, 35435 Wettenberg
> Email: heino.backhaus at fink-computer.de
> Web: www.fink-computer.de
> Fax: +49-641-98444638
> Fon: +49-641-98444640
> UST-ID: DE151040770
> HRB: 2143 Gießen
> GF: Fredi Fink
> 
> "In retrospect it becomes clear that hindsight is definitely overrated!"
> 
>  -Alfred E. Neumann
> 
> Am 22.07.2015 um 14:21 schrieb Volker Dose:
>> Hi list,
>> 
>> I am struggling with the ”magic”  fifth field in filetype.rules.conf –
>> as so many others in the past, as far as I understand old posting.
>> 
>> Let me explain my settings:
>> 
>> I have a list of attachments, I do allow in filetype.rules.conf (like
>> text, pics, html, pdf and other stuff) and  the last line is a deny for
>> every other attachment. I did this, because I do not want to get
>> anything to my mailserver, where I am not 100% sure of the filetype – so
>> executables are banned and also every unknown  filetype.
>> 
>> This file looks like this:
>> 
>> 
>> -------
>> allow   ASCII text      ASCII text      ASCII text
>> allow   PC bitmap       PC bitmap       PC bitmap
>> allow   Emacs v18       Emacs v18       Emacs v18
>> allow   C++ source      C++ source      C++ source
>> allow   source          diverse source  diverse source
>> […]
>> deny            .*      Deny unidentified attachments
>> Deny unidentified attachments
>> ----------
>> 
>> 
>> But  from time to time I get a false positive, often non-english
>> text-parts are not very good identified, like Finnish or east-European
>> languages.  Often the pdf attachment is identified fine and mailscanner
>> processes it,  but txt and html-parts are too often blocked.
>> 
>> 
>> 
>> But using the file –I command I have a much higher rate of messages
>> identified as text or html mail-part.
>> 
>> So I wanted to use this  feature Julian implemented 2008:
>> 
>> 
>> ------------
>> This 5th field is optional, and specifies a regular expression which is
>> matched against the MIME type as determined by the "file -i" command.
>> 
>> If it is never specified, then the "file -i" command will never be run
>> on your message attachments so there is no appreciable overhead on the
>> speed of MailScanner caused by this new feature.
>> 
>> If the "mime type" *and* the filetype fields are both specified (and are
>> not "-") then either matching will cause the rule to fire. In a "deny"
>> rule like the example above, then *either* test firing will cause the
>> attachment to be blocked. In an "allow" rule then *both* of the tests
>> must pass to cause the attachment to be allowed and hence no more rules
>> to be checked. This sounds a bit odd but actually ends up doing pretty
>> much what you expect it to. I'm sure you'll let me know if I'm wrong
>> there :-)
>> ---------
>> 
>> I added a line like this in my filetype.rules.conf:
>> 
>> allow         -                            text/plain
>>    -                       -
>> 
>> But the message mentioned above still triggered my last line
>> 
>> deny            .*      Deny unidentified attachments
>> Deny unidentified attachments
>> 
>> 
>> For example: Yesterday I realized, the text-message of an email
>> (starting with the string “THX!”) war identified as “*AHX version*” from
>> my file (version 5.14) command but as *text/plain* with „file -i"
>> 
>> I understand the text from Julian, that both the “file” and the “file
>> -i”-field has to match  and added a line like this:
>> 
>> allow   AHX version     text/plain      -       -
>> 
>> Which works – but only because I  have added the “file”-regex to that
>> line, too.
>> 
>> I am looking for a “match all” at that point – the dash “-“ did not work
>> for me.
>> 
>> I wonder if there is a  way to allow  any attachments, that give you a
>> “text/plain” when using “file –i”.
>> 
>> 
>> Any help appreciated!
>> 
>> I am using MS-4.84.6-1 on a CentOS 6.6 32 bit.
>> 
>> And by the way: I love MailScanner – thanks to all of you helping make
>> the software work.
>> 
>> Best regards
>> Volker
>> 
>> 
>> 
>> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>

More information about the MailScanner mailing list