MailScanner: allowing attachments identified as text/plain by file -i
Volker Dose
vpdose at kirchenweg.de
Wed Jul 22 12:21:47 UTC 2015
Hi list,
I am struggling with the "magic" fifth field in filetype.rules.conf – as so many others in the past, as far as I understand old postings.
Let me explain my settings:
I have a list of attachments I do allow in filetype.rules.conf (like text, pics, html, pdf and other stuff), and the last line is a deny for every other attachment. I did this because I do not want to get anything to my mailserver where I am not 100% sure of the filetype – so executables are banned and also every unknown filetype.
This file looks like this:
-------
allow ASCII text ASCII text ASCII text
allow PC bitmap PC bitmap PC bitmap
allow Emacs v18 Emacs v18 Emacs v18
allow C++ source C++ source C++ source
allow source diverse source diverse source
[…]
deny .* Deny unidentified attachments Deny unidentified attachments
----------
But from time to time I get a false positive; often non-English text parts are not identified very well, like Finnish or East European languages. Often the pdf attachment is identified fine and MailScanner processes it, but txt and html parts are too often blocked.
But using the file -i command I have a much higher rate of messages identified as text or html mail part.
So I wanted to use this feature Julian implemented in 2008:
------------
This 5th field is optional, and specifies a regular expression which is
matched against the MIME type as determined by the "file -i" command.
If it is never specified, then the "file -i" command will never be run
on your message attachments so there is no appreciable overhead on the
speed of MailScanner caused by this new feature.
If the "mime type" *and* the filetype fields are both specified (and are
not "-") then either matching will cause the rule to fire. In a "deny"
rule like the example above, then *either* test firing will cause the
attachment to be blocked. In an "allow" rule then *both* of the tests
must pass to cause the attachment to be allowed and hence no more rules
to be checked. This sounds a bit odd but actually ends up doing pretty
much what you expect it to. I'm sure you'll let me know if I'm wrong
there :-)
---------
I added a line like this in my filetype.rules.conf:
allow - text/plain - -
But the message mentioned above still triggered my last line
deny .* Deny unidentified attachments Deny unidentified attachments
For example: Yesterday I realized the text message of an email (starting with the string "THX!") was identified as "AHX version" by my file (version 5.14) command but as text/plain with "file -i".
I understand from Julian's text that both the "file" and the "file -i" fields have to match, and added a line like this:
allow AHX version text/plain - -
Which works – but only because I have added the “file”-regex to that line, too.
I am looking for a "match all" at that point – the dash "-" did not work for me.
I wonder if there is a way to allow any attachments that give you a "text/plain" when using "file -i".
Any help appreciated!
I am using MS-4.84.6-1 on a CentOS 6.6 32 bit.
And by the way: I love MailScanner – thanks to all of you helping make the software work.
Best regards
Volker
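
The rule semantics quoted in the post, modelled in a few lines of Python as an added example (not MailScanner's own code and not part of the original message). Treating "-" as "field not specified" is an assumption taken from the quoted text; the post reports that MailScanner 4.84.6 did not act that way for `allow - text/plain - -`, so the last case shows the documented intent, not the installed behaviour. The `file -i` output string is constructed.

```python
import re

def field_result(pattern, value):
    """None when the field is unspecified ("-"), else True/False for a regex hit."""
    if pattern == "-":
        return None
    return re.search(pattern, value) is not None

def rule_fires(action, type_re, mime_re, file_out, mime_out):
    """Apply one rule to the `file` and `file -i` outputs of an attachment."""
    tests = [field_result(type_re, file_out), field_result(mime_re, mime_out)]
    tests = [t for t in tests if t is not None]
    if not tests:
        return False
    # Quoted description: an allow rule needs both tests to pass,
    # a deny rule fires when either test matches.
    return all(tests) if action == "allow" else any(tests)

def evaluate(rules, file_out, mime_out):
    """Return (action, log text) of the first rule that fires, or None."""
    for action, type_re, mime_re, log_text, _report in rules:
        if rule_fires(action, type_re, mime_re, file_out, mime_out):
            return action, log_text
    return None

# Last line of the rule file shown in the post.
CATCH_ALL = ("deny", ".*", "-", "Deny unidentified attachments",
             "Deny unidentified attachments")

# The "THX!" text part from the post; MIME_OUT is a constructed sample.
FILE_OUT = "AHX version"
MIME_OUT = "text/plain; charset=us-ascii"

if __name__ == "__main__":
    for first in [("allow", "ASCII text", "-", "-", "-"),
                  ("allow", "ASCII text", "text/plain", "-", "-"),
                  ("allow", "AHX version", "text/plain", "-", "-"),
                  ("allow", "-", "text/plain", "-", "-")]:
        print(first[:3], "->", evaluate([first, CATCH_ALL], FILE_OUT, MIME_OUT))
```
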