MailScanner: allowing attachments identified as text/plain by file -i

Heino Backhaus heino.backhaus at fink-computer.de
Thu Jul 30 12:12:40 UTC 2015 

Hello Volker,


 > If the "mime type" *and* the filetype fields are both specified (and
 > are not "-")

I do not think that the dash is the source of the problem.
Eventualy this is a case of spaces instead of tabs.
Please double check that you've used Tabs. Otherwise
the line is ignored.

# NOTE: Fields are separated by TAB characters --- Important!

This can happen easily by editing the configfile in a Putty-Session
with vi and using copy and paste.
I had a similar thing today.

Mit freundlichen Gruessen

H. Backhaus

Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

"In retrospect it becomes clear that hindsight is definitely overrated!"

   -Alfred E. Neumann

Am 22.07.2015 um 14:21 schrieb Volker Dose:
> Hi list,
>
> I am struggling with the ”magic”  fifth field in filetype.rules.conf –
> as so many others in the past, as far as I understand old posting.
>
> Let me explain my settings:
>
> I have a list of attachments, I do allow in filetype.rules.conf (like
> text, pics, html, pdf and other stuff) and  the last line is a deny for
> every other attachment. I did this, because I do not want to get
> anything to my mailserver, where I am not 100% sure of the filetype – so
> executables are banned and also every unknown  filetype.
>
> This file looks like this:
>
>
> -------
> allow   ASCII text      ASCII text      ASCII text
> allow   PC bitmap       PC bitmap       PC bitmap
> allow   Emacs v18       Emacs v18       Emacs v18
> allow   C++ source      C++ source      C++ source
> allow   source          diverse source  diverse source
> […]
> deny            .*      Deny unidentified attachments
> Deny unidentified attachments
> ----------
>
>
> But  from time to time I get a false positive, often non-english
> text-parts are not very good identified, like Finnish or east-European
> languages.  Often the pdf attachment is identified fine and mailscanner
> processes it,  but txt and html-parts are too often blocked.
>
>
>
> But using the file –I command I have a much higher rate of messages
> identified as text or html mail-part.
>
> So I wanted to use this  feature Julian implemented 2008:
>
>
> ------------
> This 5th field is optional, and specifies a regular expression which is
> matched against the MIME type as determined by the "file -i" command.
>
> If it is never specified, then the "file -i" command will never be run
> on your message attachments so there is no appreciable overhead on the
> speed of MailScanner caused by this new feature.
>
> If the "mime type" *and* the filetype fields are both specified (and are
> not "-") then either matching will cause the rule to fire. In a "deny"
> rule like the example above, then *either* test firing will cause the
> attachment to be blocked. In an "allow" rule then *both* of the tests
> must pass to cause the attachment to be allowed and hence no more rules
> to be checked. This sounds a bit odd but actually ends up doing pretty
> much what you expect it to. I'm sure you'll let me know if I'm wrong
> there :-)
> ---------
>
> I added a line like this in my filetype.rules.conf:
>
> allow         -                            text/plain
>     -                       -
>
> But the message mentioned above still triggered my last line
>
> deny            .*      Deny unidentified attachments
> Deny unidentified attachments
>
>
> For example: Yesterday I realized, the text-message of an email
> (starting with the string “THX!”) war identified as “*AHX version*” from
> my file (version 5.14) command but as *text/plain* with „file -i"
>
> I understand the text from Julian, that both the “file” and the “file
> -i”-field has to match  and added a line like this:
>
> allow   AHX version     text/plain      -       -
>
> Which works – but only because I  have added the “file”-regex to that
> line, too.
>
> I am looking for a “match all” at that point – the dash “-“ did not work
> for me.
>
> I wonder if there is a  way to allow  any attachments, that give you a
> “text/plain” when using “file –i”.
>
>
> Any help appreciated!
>
> I am using MS-4.84.6-1 on a CentOS 6.6 32 bit.
>
> And by the way: I love MailScanner – thanks to all of you helping make
> the software work.
>
> Best regards
> Volker
>
>
>
>

More information about the MailScanner mailing list