<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Shawn,<div class=""><br class=""></div><div class="">I appreciate you running this down. I agree with idea of allowing a block device driver isn’t a great idea, but it seems this is how Office 2007 encodes certain items. At least they removed that crap in later versions. <br class=""><div apple-content-edited="true" class="">
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br class="Apple-interchange-newline">-</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Jerry Benton</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="http://www.mailborder.com" class="">www.mailborder.com</a></div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br class=""></div><br class="Apple-interchange-newline">
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On May 2, 2015, at 3:56 PM, Shawn Iverson <<a href="mailto:IversonS@rushville.k12.in.us" class="">IversonS@rushville.k12.in.us</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Ok....no expert on filetype magic here....but this is what I see....<div class=""><br class=""></div><div class="">File v5.22 has the following magic:</div><div class=""><br class=""></div><div class=""><div class="">0 ulequad&0x07a0ffffffff 0xffffffff DOS executable (</div><div class="">>4 uleshort&0x8000 0x0000 \bblock device driver</div><div class="">>0 ubyte x \b)</div></div><div class=""><br class=""></div><div class="">And the .dat file starts off with</div><div class=""><br class=""></div><div class="">ffff ffff<br class=""></div><div class=""><br class=""></div><div class="">which hits the DOS executable part</div><div class=""><br class=""></div><div class="">and then has a bunch of</div><div class=""><br class=""></div><div class="">0000</div><div class=""><br class=""></div><div class="">which is the block device driver part</div><div class=""><br class=""></div><div class="">Which is a very very generic test and will fire on a lot of things.</div><div class=""><br class=""></div><div class="">Here's the quick and dirty fix for this problem assuming the dat files are commonly formatted in this fashion in Office documents:</div><div class=""><br class=""></div><div class="">archive.filetype.rules.conf:</div><div class=""><div class=""># Allow .dat files in newer MS Office documents</div><div class="">allow DOS executable (block device driver) - -</div></div><div class=""><br class=""></div><div class="">A more elaborate solution will involve modifying the source, but I am struggling with how the code might identify the documents and then apply an exception since this is such a generic test and will affect a lot of things.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">On Thu, Apr 16, 2015 at 3:45 PM, Jerry Benton <span dir="ltr" class=""><<a href="mailto:jerry.benton@mailborder.com" target="_blank" class="">jerry.benton@mailborder.com</a>></span> wrote:<br class=""></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Has anyone dealt with this? I can’t decide if I should mod the source or just change the configs:<br class="">
<br class="">
- Microsoft document comes through with some sort of dat file embedded. While MS see that dat file as text/plain, the character set is binary, so it nails it as an executable.<br class="">
- Allowing executables will allow the file.<br class="">
<br class="">
So, there’s the rub. Under the current code we have to allow executables for these “newer” types of Microsoft documents to get through. This isn’t restricted to just Microsoft. There are several other file formats that make MailScanner fire on this.<br class="">
<br class="">
<br class="">
Ideas?<br class="">
<br class="">
-<br class="">
Jerry Benton<br class="">
<a href="http://www.mailborder.com/" target="_blank" class="">www.mailborder.com</a><br class="">
<span class=""><font color="#888888" class=""><br class="">
<br class="">
<br class="">
<br class="">
<br class="">
--<br class="">
MailScanner mailing list<br class="">
<a href="mailto:mailscanner@lists.mailscanner.info" class="">mailscanner@lists.mailscanner.info</a><br class="">
<a href="http://lists.mailscanner.info/listinfo/mailscanner" target="_blank" class="">http://lists.mailscanner.info/listinfo/mailscanner</a><br class="">
<br class="">
</font></span></blockquote></div><br class=""><br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div class="gmail_signature"><div dir="ltr" class="">Shawn Iverson<div class="">Director of Technology</div><div class="">Rush County Schools</div><div class="">765-932-3901 x271</div><div class=""><a href="mailto:iversons@rushville.k12.in.us" target="_blank" class="">iversons@rushville.k12.in.us</a></div></div></div>
</div></div>
<br class=""><br class="">-- <br class="">MailScanner mailing list<br class=""><a href="mailto:mailscanner@lists.mailscanner.info" class="">mailscanner@lists.mailscanner.info</a><br class="">http://lists.mailscanner.info/listinfo/mailscanner<br class=""><br class=""></div></blockquote></div><br class=""></div></body></html>