# 1

06-07-2010 04:43 PM
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-dosexec No DOS executables No DOS programs allowed
deny - x-dosexec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
# 2

06-07-2010 06:25 PM
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
# 3

06-07-2010 06:27 PM
That message msg-16388-1.txt is the message itself.
p
# 4

06-07-2010 07:05 PM
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-dosexec No DOS executables No
> DOS programs allowed
> > deny - x-dosexec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
|
# 5

06-07-2010 08:14 PM
|
|
|
But there is no attachment.
p
That message msg-16388-1.txt is the message itself.
p
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> I am thoroughly confused.
>
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
>
> Is there documentation somewhere I'm neglecting to read?
>
> p
>
|
# 6

06-07-2010 08:57 PM
|
|
|
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
)
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
)
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No self-extracting archives allowed
> > deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies allowed
> > #deny AVI No AVI movies No AVI movies allowed
> > #deny MNG No MNG/PNG movies No MNG movies allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies allowed
> > #deny ASF No Windows media No Windows media files allowed
> > #deny metafont No Windows Metafont drawings No WMF drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
--
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
--
Le 2010-07-06 15:14, Peter Ong a écrit :
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
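The rule matching discussed in this thread, as an added example that is not part of any poster's message and not MailScanner's own code: a first-match evaluator run on the two `file` results quoted above. It assumes TAB-separated fields, case-insensitive regular expressions, `-` meaning "skip this test", and an optional third field tested against `file -i` output; the rule set is a constructed subset of the posted file, and `x-dosexec` is assumed to be the value the forum rendered as `x-do****ec`.

```python
import re
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    lineno: int
    action: str               # "allow" or "deny"
    file_re: Optional[str]    # tested against `file` output; None when the field is "-"
    mime_re: Optional[str]    # tested against `file -i` output; None when absent or "-"
    log_text: str
    report_text: str


# Constructed subset of the rule file posted in the thread, with TAB separators.
# "x-dosexec" is an assumption for the value shown on the page as "x-do****ec".
RULES = "\n".join([
    "allow\ttext\t-\t-",
    "allow\t\\bscript\t-\t-",
    "allow\tarchive\t-\t-",
    "allow\tpostscript\t-\t-",
    "deny\tself-extract\tNo self-extracting archives\tNo self-extracting archives allowed",
    "deny\texecutable\tNo executables\tNo executables allowed",
    "deny\t-\tx-dosexec\tNo DOS executables\tNo DOS programs allowed",
    "deny\tELF\tNo executables\tNo programs allowed",
])


def parse_rules(text: str) -> List[Rule]:
    """Parse rule lines into Rule tuples; reject lines with the wrong field count."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) == 4:
            action, file_re, log_text, report_text = fields
            mime_re = None
        elif len(fields) == 5:
            action, file_re, mime_re, log_text, report_text = fields
        else:
            raise ValueError(
                f"line {lineno}: expected 4 or 5 TAB-separated fields, got {len(fields)}"
            )
        rules.append(Rule(
            lineno,
            action.lower(),
            None if file_re == "-" else file_re,
            None if mime_re in (None, "-") else mime_re,
            log_text,
            report_text,
        ))
    return rules


def rule_hits(rule: Rule, description: str, mime: str) -> bool:
    """A rule hits when any test it specifies matches (assumed semantics)."""
    by_file = rule.file_re is not None and re.search(rule.file_re, description, re.I) is not None
    by_mime = rule.mime_re is not None and re.search(rule.mime_re, mime, re.I) is not None
    return by_file or by_mime


def all_matches(rules: List[Rule], description: str, mime: str) -> List[Rule]:
    """Every rule that would hit, in file order; all but the first are shadowed."""
    return [r for r in rules if rule_hits(r, description, mime)]


def first_match(rules: List[Rule], description: str, mime: str) -> Optional[Rule]:
    """The rule that decides the verdict: the first one that hits, or None."""
    hits = all_matches(rules, description, mime)
    return hits[0] if hits else None


if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Values quoted in the thread for msg-16388-1.txt.
    description = "DOS executable (COM)"          # output of `file`
    mime = "text/x-mail; charset=unknown"         # output of `file -i`
    hit = first_match(rules, description, mime)
    print(f"decided by line {hit.lineno}: {hit.action} -> {hit.report_text}")
    for shadowed in all_matches(rules, description, mime)[1:]:
        print(f"shadowed: line {shadowed.lineno} ({shadowed.report_text})")
```

With the thread's values, the `executable` rule is the only hit: the MIME-based rule is tested against `text/x-mail; charset=unknown`, so it never fires, and giving each deny rule its own report text is what makes the deciding line identifiable.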
--
|
# 7

06-07-2010 09:13 PM
|
|
|
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
--
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
--
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
)
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> I am thoroughly confused.
>
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
>
> Is there documentation somewhere I'm neglecting to read?
>
> p
>
> ----- Original Message -----
>
> > From: "Julian Field" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 10:00:13 AM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > It's talking about the attachment in the message, not the message
> > body+headers itself.
> >
> > Do a "file" on msg-16388-1.txt (not a "file -i").
> >
> > On 06/07/2010 16:43, Peter Ong wrote:
> > > Hello Everyone,
> > >
> > > I really need help on this filetype issue.
> > >
> > > First, when I scan the original message it shows as "data", and
> when
> > I scan the mime version, it shows as "text/x-mail; charset=unknown".
> > >
> > > I keep getting this message even after I have edited the
> > filetype.conf.rules file:
> > > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > > MailScanner: No programs allowed (msg-16388-1.txt)
> > >
> > >
> > > Proof:
> > > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > > 64BCE572B7: data
> > >
> > > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > > msg-16388-1.txt: text/x-mail; charset=unknown
> > >
> > > HELP!!! What can I do? Thank you in advance.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > These are the contents of my filetype.conf.rules file:
> > >
> > >
> > >
> > > allow - text - -
> > > allow - text - -
> > > allow - text/x-mail - -
> > > allow - text/plain - -
> > > allow - message/rfc822 - -
> > > allow - text/x-mail - -
> > > allow - text/x-mail; charset=unknown -
> > -<<<<<<<<<<<<<<< I added this
> > > allow - text/plain - -
> > > allow - text/plain; charset=unknown - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow - text/plain; charset=utf-8 - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow text text/x-mail - -
> > > allow text text/plain - -
> > > allow text message/rfc822 - -
> > > allow data text/x-mail; charset=unknown -
> > -<<<<<<<<<<<<<< I added this
> > > allow data text/x-mail - -
> > > allow data text/plain - -
> > > allow data text/plain; charset=unknown - -
> > > allow data text/plain; charset=iso-8859-1 - -
> > > allow data text/plain; charset=utf-8 - -
> > > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> > -
> > >
> > > allow text - -
> > > allow data - -
> > > allow \bscript - -
> > > allow archive - -
> > > allow postscript - -
> > > deny self-extract No self-extracting archives No
> > self-extracting archives allowed
> > > deny executable No executables No executables
> > allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > > #EXAMPLE: deny - x-do****ec No DOS executables No
> > DOS programs allowed
> > > deny - x-do****ec No DOS executables No DOS
> > programs allowed
> > > deny ELF No executables No programs
> allowed
> > > deny Registry No Windows Registry entries No Windows
> > Registry files allowed
> > >
> > > #deny MPEG No MPEG movies No MPEG movies
> > allowed
> > > #deny AVI No AVI movies No AVI movies
> > allowed
> > > #deny MNG No MNG/PNG movies No MNG movies
> > allowed
> > > #deny QuickTime No QuickTime movies No QuickTime
> movies
> > allowed
> > > #deny ASF No Windows media No Windows media
> > files allowed
> > > #deny metafont No Windows Metafont drawings No WMF
> > drawings allowed
> > >
> >
> > Jules
> >
> > --
> > Julian Field MEng CITP CEng
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > Need help customising MailScanner?
> > Contact me!
> > Need help fixing or optimising your systems?
> > Contact me!
> > Need help getting you started solving new requirements from your
> > boss?
> > Contact me!
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > --
> > MailScanner mailing list
> >
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
)
Le 2010-07-06 15:14, Peter Ong a écrit :
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that it isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
----- Original Message -----
> From: "Denis Beauchemin" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 12:57:49 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> On 2010-07-06 15:14, Peter Ong wrote:
> > I hate to keep beating a dead horse, but would anyone else have any
> ideas? This problem is a serious interruption in our day to day
> communications.
> >
> > p
> >
> > ----- Original Message -----
> >
> >> From: "Peter Ong"<>
> >> To: "MailScanner discussion"<>
> >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> >> Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >>
> >> I am thoroughly confused.
> >>
> >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> >>
> >> It is not getting caught on this line in the logs... it clearly
> says
> >> "No programs allowed".
> >>
> >> Is there documentation somewhere I'm neglecting to read?
> >>
> >> p
>
> Peter,
>
> A "DOS executable" is a program. Thus the warning is telling the
> truth.
>
> Denis
>
> --
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
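The post above tells two deny rules apart by giving each its own report text. The same idea as a small lint, added here as an example (not code from the thread or from MailScanner): it assumes TAB-separated fields in the order action, `file`-output regex, optional MIME regex, log text, user report text, and the function names and sample rules are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: some of the rules quoted in the thread, re-typed with
# explicit TAB separators, as they stood before any report text was changed.
RULES_BEFORE = (
    "allow\ttext\t-\t-\n"
    "allow\tdata\t-\t-\n"
    "# a comment line\n"
    "deny\tself-extract\tNo self-extracting archives\tNo self-extracting archives allowed\n"
    "deny\texecutable\tNo executables\tNo programs allowed\n"
    "deny\tELF\tNo executables\tNo programs allowed\n"
    "deny\tRegistry\tNo Windows Registry entries\tNo Windows Registry files allowed\n"
)
# The same rules after the edit described in the post: only the first
# "No programs allowed" (the "executable" rule) gets a report text of its own.
RULES_AFTER = RULES_BEFORE.replace("No programs allowed", "No executables allowed", 1)


def parse_rules(text):
    """Parse rule lines into dicts; reject lines that are not TAB-separated.

    Assumed layout (hypothetical parser, not MailScanner's own):
    action, file-output regex, [MIME regex], log text, user report text.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        fields = re.split(r"\t+", line)
        if len(fields) == 4:  # MIME column omitted
            action, desc_re, log_text, user_text = fields
            mime_re = "-"
        elif len(fields) == 5:
            action, desc_re, mime_re, log_text, user_text = fields
        else:
            # Typical cause: fields separated by spaces instead of TABs.
            raise ValueError(
                f"line {lineno}: expected 4 or 5 TAB-separated fields, got {len(fields)}"
            )
        rules.append({
            "line": lineno, "action": action, "desc_re": desc_re,
            "mime_re": mime_re, "log_text": log_text, "user_text": user_text,
        })
    return rules


def ambiguous_reports(rules):
    """Return {report text: [line numbers]} for texts shared by several deny rules."""
    by_text = defaultdict(list)
    for rule in rules:
        if rule["action"].startswith("deny") and rule["user_text"] != "-":
            by_text[rule["user_text"]].append(rule["line"])
    return {text: lines for text, lines in by_text.items() if len(lines) > 1}


def description_matches(rules, file_output):
    """Line numbers of rules whose description regex matches `file` output.

    Only the description column is tested (case-insensitively, an assumption);
    how MailScanner combines it with the MIME column is not modelled here.
    """
    return [
        rule["line"] for rule in rules
        if rule["desc_re"] != "-"
        and re.search(rule["desc_re"], file_output, re.IGNORECASE)
    ]


if __name__ == "__main__":
    before = parse_rules(RULES_BEFORE)
    print("shared report texts before:", ambiguous_reports(before))
    print("shared report texts after: ", ambiguous_reports(parse_rules(RULES_AFTER)))
    print("description matches:", description_matches(before, "DOS executable (COM)"))
```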
# 8

06-07-2010 10:05 PM
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> I am thoroughly confused.
>
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
>
> Is there documentation somewhere I'm neglecting to read?
>
> p
>
> ----- Original Message -----
>
> > From: "Julian Field" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 10:00:13 AM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > It's talking about the attachment in the message, not the message
> > body+headers itself.
> >
> > Do a "file" on msg-16388-1.txt (not a "file -i").
> >
> > On 06/07/2010 16:43, Peter Ong wrote:
> > > Hello Everyone,
> > >
> > > I really need help on this filetype issue.
> > >
> > > First, when I scan the original message it shows as "data", and
> when
> > I scan the mime version, it shows as "text/x-mail; charset=unknown".
> > >
> > > I keep getting this message even after I have edited the
> > filetype.conf.rules file:
> > > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > > MailScanner: No programs allowed (msg-16388-1.txt)
> > >
> > >
> > > Proof:
> > > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > > 64BCE572B7: data
> > >
> > > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > > msg-16388-1.txt: text/x-mail; charset=unknown
> > >
> > > HELP!!! What can I do? Thank you in advance.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > These are the contents of my filetype.conf.rules file:
> > >
> > >
> > >
> > > allow - text - -
> > > allow - text - -
> > > allow - text/x-mail - -
> > > allow - text/plain - -
> > > allow - message/rfc822 - -
> > > allow - text/x-mail - -
> > > allow - text/x-mail; charset=unknown -
> > -<<<<<<<<<<<<<<< I added this
> > > allow - text/plain - -
> > > allow - text/plain; charset=unknown - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow - text/plain; charset=utf-8 - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow text text/x-mail - -
> > > allow text text/plain - -
> > > allow text message/rfc822 - -
> > > allow data text/x-mail; charset=unknown -
> > -<<<<<<<<<<<<<< I added this
> > > allow data text/x-mail - -
> > > allow data text/plain - -
> > > allow data text/plain; charset=unknown - -
> > > allow data text/plain; charset=iso-8859-1 - -
> > > allow data text/plain; charset=utf-8 - -
> > > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> > -
> > >
> > > allow text - -
> > > allow data - -
> > > allow \bscript - -
> > > allow archive - -
> > > allow postscript - -
> > > deny self-extract No self-extracting archives No
> > self-extracting archives allowed
> > > deny executable No executables No executables
> > allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > > #EXAMPLE: deny - x-do****ec No DOS executables No
> > DOS programs allowed
> > > deny - x-do****ec No DOS executables No DOS
> > programs allowed
> > > deny ELF No executables No programs
> allowed
> > > deny Registry No Windows Registry entries No Windows
> > Registry files allowed
> > >
> > > #deny MPEG No MPEG movies No MPEG movies
> > allowed
> > > #deny AVI No AVI movies No AVI movies
> > allowed
> > > #deny MNG No MNG/PNG movies No MNG movies
> > allowed
> > > #deny QuickTime No QuickTime movies No QuickTime
> movies
> > allowed
> > > #deny ASF No Windows media No Windows media
> > files allowed
> > > #deny metafont No Windows Metafont drawings No WMF
> > drawings allowed
> > >
> >
> > Jules
> >
> > --
> > Julian Field MEng CITP CEng
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > Need help customising MailScanner?
> > Contact me!
> > Need help fixing or optimising your systems?
> > Contact me!
> > Need help getting you started solving new requirements from your
> > boss?
> > Contact me!
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > --
> > MailScanner mailing list
> >
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
What if I wanted to get commercial support? Would they be able to solve this?
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 1:13:07 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Sorry guys...
>
> The DOS warning is correct -- from the file command. The problem is
> that isn't the line where the message fails in the
> filetype.conf.rules. It fails on
> deny executable No executables No executables
> allowed
>
> There are two lines that shows "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS
> programs allowed
>
> But clearly based on my repeatable error messages, it fails not on
> this line, but "No exetables allowed". There is no attachment. It
> simply contains japanese characters.
>
> The documentation on the top of the file said that I can have an
> optional third field which I have filled out, but there doesn't seem
> to be a known established way of filling it out. Our operation is
> being severely affected by this, and I don't know what else to do.
>
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
> > From: "Denis Beauchemin" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 12:57:49 PM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > On 2010-07-06 15:14, Peter Ong wrote:
> > > I hate to keep beating a dead horse, but would anyone else have
> any
> > ideas? This problem is a serious interruption in our day to day
> > communications.
> > >
> > > p
> > >
> > > ----- Original Message -----
> > >
> > >> From: "Peter Ong"<>
> > >> To: "MailScanner discussion"<>
> > >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> > >> Subject: Re: FileType rules show executable even though file
> shows
> > data -- Please help fix.
> > >>
> > >> I am thoroughly confused.
> > >>
> > >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable
> (COM)
> > >>
> > >> It is not getting caught on this line in the logs... it clearly
> > says
> > >> "No programs allowed".
> > >>
> > >> Is there documentation somewhere I'm neglecting to read?
> > >>
> > >> p
> >
> > Peter,
> >
> > A "DOS executable" is a program. Thus the warning is telling the
> > truth.
> >
> > Denis
> >
> > --
> > Denis Beauchemin, analyste
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x62252 F: 819.821.8045
> >
> > --
> > MailScanner mailing list
> >
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
# 9

07-07-2010 02:05 AM
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
That message msg-16388-1.txt is the message itself.
p
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-dosexec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
What if I wanted to get commercial support? Would they be able to solve this?
p
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that shows "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-dosexec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
> I could really use help here.
>
> p
>
>
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
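The rule reading given in the reply above, modelled as an added example (not part of Mark Sapiro's post and not MailScanner's own code): a small evaluator that applies the four-field and five-field rule shapes to the two `file` results from this thread and compares first-match with all-match evaluation. The sample rules are constructed, `x-dosexec` is the MIME pattern the archive shows masked as `x-do****ec`, and the matching semantics (unanchored search, every pattern present must match, a deny wins under all-match) are assumptions of this model.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the tab-delimited shape described in the thread.
# "x-dosexec" is the MIME pattern the archive shows masked as "x-do****ec".
RULES_TEXT = (
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\tdata\t-\t-\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "deny\t-\tx-dosexec\tNo DOS executables\tNo DOS programs allowed\n"
    "deny\tELF\tNo executables\tNo programs allowed\n"
    "allow - text/plain - -\n"  # spaces instead of tabs: rejected by this parser
)

# Values reported in the thread for msg-16388-1.txt.
FILE_OUTPUT = "DOS executable (COM)"          # output of `file`
MIME_TYPE = "text/x-mail; charset=unknown"    # output of `file -i`


@dataclass
class Rule:
    action: str               # "allow" or "deny"
    file_re: Optional[str]    # regexp for `file` output, None when "-"
    mime_re: Optional[str]    # regexp for `file -i` output, None when absent or "-"
    log_text: str
    user_text: str

    def matches(self, file_output: str, mime_type: str) -> bool:
        # Assumption of this model: each pattern that is present must match,
        # using an unanchored regexp search.
        checks = []
        if self.file_re is not None:
            checks.append(re.search(self.file_re, file_output) is not None)
        if self.mime_re is not None:
            checks.append(re.search(self.mime_re, mime_type) is not None)
        return bool(checks) and all(checks)


def parse_rules(text: str) -> Tuple[List[Rule], List[str]]:
    """Split tab-delimited rules; return (rules, lines that are not 4 or 5 fields)."""
    rules, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in re.split(r"\t+", line)]
        if len(fields) == 4:
            action, file_re, log_text, user_text = fields
            mime_re = "-"
        elif len(fields) == 5:
            action, file_re, mime_re, log_text, user_text = fields
        else:
            rejected.append(raw)
            continue
        if action not in ("allow", "deny"):
            rejected.append(raw)
            continue
        rules.append(Rule(action,
                          None if file_re == "-" else file_re,
                          None if mime_re == "-" else mime_re,
                          log_text, user_text))
    return rules, rejected


def first_match(rules: List[Rule], file_output: str, mime_type: str) -> Optional[Rule]:
    """Verdict if evaluation stopped at the first rule that matches."""
    for rule in rules:
        if rule.matches(file_output, mime_type):
            return rule
    return None


def all_match(rules: List[Rule], file_output: str, mime_type: str) -> Optional[Rule]:
    """Verdict if every rule is tried and any matching deny wins."""
    hits = [r for r in rules if r.matches(file_output, mime_type)]
    denies = [r for r in hits if r.action == "deny"]
    if denies:
        return denies[0]
    return hits[0] if hits else None


if __name__ == "__main__":
    rules, rejected = parse_rules(RULES_TEXT)
    for r in rules:
        print(r.action, r.file_re, r.mime_re, "->", r.matches(FILE_OUTPUT, MIME_TYPE))
    print("first-match verdict:", first_match(rules, FILE_OUTPUT, MIME_TYPE).action)
    print("all-match verdict:  ", all_match(rules, FILE_OUTPUT, MIME_TYPE).user_text)
    print("rejected lines:", rejected)
```
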
|
# 10

07-07-2010 09:37 AM
|
|
|
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> Jules
That message msg-16388-1.txt is the message itself.
p
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
----- Original Message -----
> From: "Denis Beauchemin" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 12:57:49 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Peter,
>
> A "DOS executable" is a program. Thus the warning is telling the
> truth.
>
> Denis
What if I wanted to get commercial support? Would they be able to solve this?
p
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
> I could really use help here.
>
> p
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
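The rule layout described in the reply above, worked through as an added Python example (not MailScanner's own code and not part of any post in this thread). It only reports which field of each rule hits for the `file` and `file -i` outputs quoted in the thread; it does not decide the final allow/deny verdict. Assumptions: unanchored, case-sensitive regexp search; rule rows constructed from the thread with tabs restored; `x-example-exec` is a stand-in for the MIME pattern that is masked on the page.

```python
"""Which FileType rule fields hit for a given `file` / `file -i` result.

Added illustration only. Field layout follows the reply above:
  4 fields: action, regexp on `file` output, log text, user text
  5 fields: action, regexp on `file` output, regexp on MIME type, log text, user text
A lone "-" in a regexp field means that field is not used.
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    action: str
    file_re: Optional[str]   # None when the field is "-"
    mime_re: Optional[str]   # None when absent (4-field rule) or "-"
    log_text: str
    user_text: str


def _pattern(field: str) -> Optional[str]:
    return None if field == "-" else field


def parse_rules(text: str) -> List[Rule]:
    """Parse tab-delimited rules, skipping blank and comment lines."""
    rules = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) == 4:
            action, file_re, log_text, user_text = fields
            mime_re = "-"
        elif len(fields) == 5:
            action, file_re, mime_re, log_text, user_text = fields
        else:
            # Typical cause: the file was pasted with spaces instead of tabs.
            raise ValueError(
                f"line {number}: expected 4 or 5 tab-separated fields, got {len(fields)}"
            )
        rules.append(
            Rule(action.lower(), _pattern(file_re), _pattern(mime_re), log_text, user_text)
        )
    return rules


def field_hits(rule: Rule, file_output: str, mime_type: str) -> Tuple[Optional[bool], Optional[bool]]:
    """Return (file_hit, mime_hit); None marks a field the rule does not use."""
    file_hit = None if rule.file_re is None else bool(re.search(rule.file_re, file_output))
    mime_hit = None if rule.mime_re is None else bool(re.search(rule.mime_re, mime_type))
    return file_hit, mime_hit


def rules_with_a_hit(rules: List[Rule], file_output: str, mime_type: str) -> List[Rule]:
    """Rules where at least one populated regexp matches."""
    return [r for r in rules if True in field_hits(r, file_output, mime_type)]


def _row(*fields: str) -> str:
    return "\t".join(fields)


# Outputs quoted in the thread for msg-16388-1.txt.
FILE_OUTPUT = "DOS executable (COM)"
MIME_TYPE = "text/x-mail; charset=unknown"

# Constructed sample: a subset of the posted rules with tabs restored.
SAMPLE_RULES = "\n".join([
    _row("allow", "-", "text/x-mail", "-", "-"),
    _row("allow", "text", "-", "-"),
    _row("allow", "data", "-", "-"),
    _row("deny", "executable", "No executables", "No executables allowed"),
    # Stand-in MIME regexp (assumption); the real pattern is masked on the page.
    _row("deny", "-", "x-example-exec", "No DOS executables", "No DOS programs allowed"),
    _row("#deny", "MPEG", "No MPEG movies", "No MPEG movies allowed"),
    _row("deny", "ELF", "No executables", "No programs allowed"),
])


if __name__ == "__main__":
    for rule in parse_rules(SAMPLE_RULES):
        file_hit, mime_hit = field_hits(rule, FILE_OUTPUT, MIME_TYPE)
        print(f"{rule.action:5} file_re={rule.file_re!r:14} mime_re={rule.mime_re!r:18} "
              f"file_hit={file_hit} mime_hit={mime_hit}")
```

Run against the real rules file, a `ValueError` from `parse_rules` is a quick way to spot lines that lost their tabs during editing.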
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
# 11

07-07-2010 09:32 PM
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
--
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> I am thoroughly confused.
>
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
>
> Is there documentation somewhere I'm neglecting to read?
>
> p
>
> ----- Original Message -----
>
> > From: "Julian Field" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 10:00:13 AM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > It's talking about the attachment in the message, not the message
> > body+headers itself.
> >
> > Do a "file" on msg-16388-1.txt (not a "file -i").
> >
> > On 06/07/2010 16:43, Peter Ong wrote:
> > > Hello Everyone,
> > >
> > > I really need help on this filetype issue.
> > >
> > > First, when I scan the original message it shows as "data", and
> when
> > I scan the mime version, it shows as "text/x-mail; charset=unknown".
> > >
> > > I keep getting this message even after I have edited the
> > filetype.conf.rules file:
> > > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > > MailScanner: No programs allowed (msg-16388-1.txt)
> > >
> > >
> > > Proof:
> > > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > > 64BCE572B7: data
> > >
> > > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > > msg-16388-1.txt: text/x-mail; charset=unknown
> > >
> > > HELP!!! What can I do? Thank you in advance.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > These are the contents of my filetype.conf.rules file:
> > >
> > >
> > >
> > > allow - text - -
> > > allow - text - -
> > > allow - text/x-mail - -
> > > allow - text/plain - -
> > > allow - message/rfc822 - -
> > > allow - text/x-mail - -
> > > allow - text/x-mail; charset=unknown -
> > -<<<<<<<<<<<<<<< I added this
> > > allow - text/plain - -
> > > allow - text/plain; charset=unknown - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow - text/plain; charset=utf-8 - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow text text/x-mail - -
> > > allow text text/plain - -
> > > allow text message/rfc822 - -
> > > allow data text/x-mail; charset=unknown -
> > -<<<<<<<<<<<<<< I added this
> > > allow data text/x-mail - -
> > > allow data text/plain - -
> > > allow data text/plain; charset=unknown - -
> > > allow data text/plain; charset=iso-8859-1 - -
> > > allow data text/plain; charset=utf-8 - -
> > > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> > -
> > >
> > > allow text - -
> > > allow data - -
> > > allow \bscript - -
> > > allow archive - -
> > > allow postscript - -
> > > deny self-extract No self-extracting archives No
> > self-extracting archives allowed
> > > deny executable No executables No executables
> > allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > > #EXAMPLE: deny - x-do****ec No DOS executables No
> > DOS programs allowed
> > > deny - x-do****ec No DOS executables No DOS
> > programs allowed
> > > deny ELF No executables No programs
> allowed
> > > deny Registry No Windows Registry entries No Windows
> > Registry files allowed
> > >
> > > #deny MPEG No MPEG movies No MPEG movies
> > allowed
> > > #deny AVI No AVI movies No AVI movies
> > allowed
> > > #deny MNG No MNG/PNG movies No MNG movies
> > allowed
> > > #deny QuickTime No QuickTime movies No QuickTime
> movies
> > allowed
> > > #deny ASF No Windows media No Windows media
> > files allowed
> > > #deny metafont No Windows Metafont drawings No WMF
> > drawings allowed
> > >
> >
> > Jules
> >
> > --
> > Julian Field MEng CITP CEng
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > Need help customising MailScanner?
> > Contact me!
> > Need help fixing or optimising your systems?
> > Contact me!
> > Need help getting you started solving new requirements from your
> > boss?
> > Contact me!
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
--
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
--
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
----- Original Message -----
> From: "Denis Beauchemin" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 12:57:49 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> On 2010-07-06 15:14, Peter Ong wrote:
> > I hate to keep beating a dead horse, but would anyone else have any
> ideas? This problem is a serious interruption in our day to day
> communications.
> >
> > p
> >
> > ----- Original Message -----
> >
> >> From: "Peter Ong"<>
> >> To: "MailScanner discussion"<>
> >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> >> Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >>
> >> I am thoroughly confused.
> >>
> >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> >>
> >> It is not getting caught on this line in the logs... it clearly
> says
> >> "No programs allowed".
> >>
> >> Is there documentation somewhere I'm neglecting to read?
> >>
> >> p
>
> Peter,
>
> A "DOS executable" is a program. Thus the warning is telling the
> truth.
>
> Denis
>
> --
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
>
--
What if I wanted to get commercial support? Would they be able to solve this?
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 1:13:07 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Sorry guys...
>
> The DOS warning is correct -- from the file command. The problem is
> that isn't the line where the message fails in the
> filetype.conf.rules. It fails on
> deny executable No executables No executables
> allowed
>
> There are two lines that show "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS
> programs allowed
>
> But clearly based on my repeatable error messages, it fails not on
> this line, but "No executables allowed". There is no attachment. It
> simply contains Japanese characters.
>
> The documentation on the top of the file said that I can have an
> optional third field which I have filled out, but there doesn't seem
> to be a known established way of filling it out. Our operation is
> being severely affected by this, and I don't know what else to do.
>
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
> > From: "Denis Beauchemin" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 12:57:49 PM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > On 2010-07-06 15:14, Peter Ong wrote:
> > > I hate to keep beating a dead horse, but would anyone else have
> any
> > ideas? This problem is a serious interruption in our day to day
> > communications.
> > >
> > > p
> > >
> > > ----- Original Message -----
> > >
> > >> From: "Peter Ong"<>
> > >> To: "MailScanner discussion"<>
> > >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> > >> Subject: Re: FileType rules show executable even though file
> shows
> > data -- Please help fix.
> > >>
> > >> I am thoroughly confused.
> > >>
> > >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable
> (COM)
> > >>
> > >> It is not getting caught on this line in the logs... it clearly
> > says
> > >> "No programs allowed".
> > >>
> > >> Is there documentation somewhere I'm neglecting to read?
> > >>
> > >> p
> >
> > Peter,
> >
> > A "DOS executable" is a program. Thus the warning is telling the
> > truth.
> >
> > Denis
> >
> > --
> > Denis Beauchemin, analyste
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x62252 F: 819.821.8045
> >
--
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should, because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
> > From: "Denis Beauchemin" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 12:57:49 PM
> > Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
> >
> > On 2010-07-06 15:14, Peter Ong wrote:
> > > I hate to keep beating a dead horse, but would anyone else have any
> > ideas? This problem is a serious interruption in our day to day
> > communications.
> > >
> > > p
> > >
> > > ----- Original Message -----
> > >
> > >> From: "Peter Ong"<>
> > >> To: "MailScanner discussion"<>
> > >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> > >> Subject: Re: FileType rules show executable even though file shows
> > data -- Please help fix.
> > >>
> > >> I am thoroughly confused.
> > >>
> > >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> > >>
> > >> It is not getting caught on this line in the logs... it clearly
> > says
> > >> "No programs allowed".
> > >>
> > >> Is there documentation somewhere I'm neglecting to read?
> > >>
> > >> p
> >
> > Peter,
> >
> > A "DOS executable" is a program. Thus the warning is telling the
> > truth.
> >
> > Denis
> >
> > --
> > Denis Beauchemin, analyste
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x62252 F: 819.821.8045
> >
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
--
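The field matching described in the reply above, modelled as an added Python example (not MailScanner's code and not part of the thread). Treating "-" as an unused pattern, the case-insensitive search, the `first`/`all` evaluation modes and the placeholder MIME pattern are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: tab-delimited rules in the shape quoted in the thread.
# The MIME pattern of the five-field deny rule is a placeholder, because the
# page shows that pattern only in censored form.
RULES_TEXT = (
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\ttext\t-\t-\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "deny\t-\tapplication/x-placeholder\tNo DOS executables\tNo DOS programs allowed\n"
    "deny\tELF\tNo executables\tNo programs allowed\n"
)

# The two scanner inputs reported in the thread for msg-16388-1.txt.
FILE_OUTPUT = "DOS executable (COM)"          # output of `file`
MIME_TYPE = "text/x-mail; charset=unknown"    # output of `file -i`


@dataclass
class Rule:
    action: str
    file_re: str   # regexp matched against the `file` output
    mime_re: str   # regexp matched against the MIME type ("-" when absent)
    log: str
    report: str


def parse_rules(text):
    """Parse four-field and five-field tab-delimited rules."""
    rules = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) == 4:
            action, file_re, log, report = fields
            mime_re = "-"
        elif len(fields) == 5:
            action, file_re, mime_re, log, report = fields
        else:
            # Typical cause: tabs replaced by spaces when the file was edited.
            raise ValueError(
                f"line {number}: expected 4 or 5 tab-delimited fields, "
                f"got {len(fields)}"
            )
        rules.append(Rule(action.lower(), file_re, mime_re, log, report))
    return rules


def rule_matches(rule, file_output, mime_type):
    """Assumption: '-' means the pattern is unused; every used pattern must hit."""
    checks = []
    if rule.file_re != "-":
        checks.append(re.search(rule.file_re, file_output, re.I) is not None)
    if rule.mime_re != "-":
        checks.append(re.search(rule.mime_re, mime_type, re.I) is not None)
    return bool(checks) and all(checks)


def matching_rules(rules, file_output, mime_type):
    return [r for r in rules if rule_matches(r, file_output, mime_type)]


def verdict(rules, file_output, mime_type, mode):
    """Return (action, report) under one of two assumed evaluation orders.

    'first': the first matching rule decides.
    'all'  : every rule is evaluated and any matching deny wins.
    """
    hits = matching_rules(rules, file_output, mime_type)
    if not hits:
        return None
    if mode == "first":
        chosen = hits[0]
    elif mode == "all":
        denies = [r for r in hits if r.action == "deny"]
        chosen = denies[0] if denies else hits[0]
    else:
        raise ValueError("mode must be 'first' or 'all'")
    return (chosen.action, chosen.report)


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for r in matching_rules(rules, FILE_OUTPUT, MIME_TYPE):
        print("matched:", r.action, r.file_re, r.mime_re)
    for mode in ("first", "all"):
        print(mode, "->", verdict(rules, FILE_OUTPUT, MIME_TYPE, mode))
```

With the thread's two inputs, the `all` mode produces the "No executables allowed" denial Peter reports, while `first` would stop at the `text/x-mail` allow rule.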
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
On 06/07/2010 21:13, Peter Ong wrote:
> Sorry guys...
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
>
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
>
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
>
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
>
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
>
>> From: "Denis Beauchemin"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 12:57:49 PM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> On 2010-07-06 15:14, Peter Ong wrote:
>>
>>> I hate to keep beating a dead horse, but would anyone else have any
>>>
>> ideas? This problem is a serious interruption in our day to day
>> communications.
>>
>>> p
>>>
>>> ----- Original Message -----
>>>
>>>
>>>> From: "Peter Ong"<>
>>>> To: "MailScanner discussion"<>
>>>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>>>> Subject: Re: FileType rules show executable even though file shows
>>>>
>> data -- Please help fix.
>>
>>>> I am thoroughly confused.
>>>>
>>>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>>>
>>>> It is not getting caught on this line in the logs... it clearly
>>>>
>> says
>>
>>>> "No programs allowed".
>>>>
>>>> Is there documentation somewhere I'm neglecting to read?
>>>>
>>>> p
>>>>
>> Peter,
>>
>> A "DOS executable" is a program. Thus the warning is telling the
>> truth.
>>
>> Denis
>>
>> --
>> Denis Beauchemin, analyste
>> Université de Sherbrooke, S.T.I.
>> T: 819.821.8000x62252 F: 819.821.8045
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt" is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
Can you please explain what you mean by this?
p
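An added sketch (not part of any post in this thread and not MailScanner's own code) of the field layout Mark describes: it parses rule lines, treats the second field as a regexp on `file` output and, in 5-field rules, the third field as a regexp on `file -i` output, then lists which fields of which rules hit for the values reported for msg-16388-1.txt. The TAB separators, the helper names and case-sensitive matching are assumptions; how MailScanner combines the two fields or chooses among several matching rules is not modelled.

```python
import re

# Constructed sample: a few rules quoted in the thread, re-typed with TAB
# separators (assumption: the forum rendering collapsed TABs into spaces).
SAMPLE_RULES = (
    "allow\ttext\t-\t-\n"
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\tdata\ttext/x-mail\t-\t-\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "#deny\tMPEG\tNo MPEG movies\tNo MPEG movies allowed\n"
    "deny\tELF\tNo executables\tNo programs allowed\n"
)

# Values reported in the thread for msg-16388-1.txt.
FILE_OUTPUT = "DOS executable (COM)"           # from `file`
MIME_OUTPUT = "text/x-mail; charset=unknown"   # from `file -i`


def _pattern(field, lineno):
    """Compile a pattern field; a lone "-" means the field is unused."""
    if field == "-":
        return None
    try:
        # Assumption: plain case-sensitive search; the thread does not say
        # which regexp flags MailScanner applies.
        return re.compile(field)
    except re.error as exc:
        raise ValueError(f"line {lineno}: bad regexp {field!r}: {exc}") from exc


def parse_rules(text):
    """Parse TAB-separated rule lines into dicts, skipping comments/blanks."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = re.split(r"\t+", stripped)
        if len(fields) == 4:      # action, file regexp, log text, user text
            action, file_re, log_text, user_text = fields
            mime_re = "-"
        elif len(fields) == 5:    # extra third field: MIME-type regexp
            action, file_re, mime_re, log_text, user_text = fields
        else:
            raise ValueError(
                f"line {lineno}: expected 4 or 5 TAB-separated fields, "
                f"got {len(fields)}"
            )
        rules.append({
            "lineno": lineno,
            "action": action,
            "file_re": _pattern(file_re, lineno),
            "mime_re": _pattern(mime_re, lineno),
            "log_text": log_text,
            "user_text": user_text,
        })
    return rules


def field_hits(rule, file_output, mime_output):
    """Return (file_hit, mime_hit); None means the rule has no pattern there."""
    def hit(pattern, value):
        return None if pattern is None else pattern.search(value) is not None
    return hit(rule["file_re"], file_output), hit(rule["mime_re"], mime_output)


def report(rules, file_output, mime_output):
    """List, in file order, every rule with at least one matching field."""
    rows = []
    for rule in rules:
        file_hit, mime_hit = field_hits(rule, file_output, mime_output)
        if file_hit or mime_hit:
            rows.append((rule["lineno"], rule["action"], file_hit, mime_hit,
                         rule["log_text"]))
    return rows


if __name__ == "__main__":
    for row in report(parse_rules(SAMPLE_RULES), FILE_OUTPUT, MIME_OUTPUT):
        print("line %d  %-5s file_hit=%s mime_hit=%s log=%r" % row)
```

On the thread's values the only rule whose `file`-output field hits is `deny executable`, which is the "No executables allowed" report Peter keeps seeing; the `allow` rules hit only on the MIME-type field.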
|
# 12

07-07-2010 09:33 PM
|
|
|
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> I am thoroughly confused.
>
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
>
> Is there documentation somewhere I'm neglecting to read?
>
> p
>
> ----- Original Message -----
>
> > From: "Julian Field" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 10:00:13 AM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > It's talking about the attachment in the message, not the message
> > body+headers itself.
> >
> > Do a "file" on msg-16388-1.txt (not a "file -i").
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
----- Original Message -----
> From: "Denis Beauchemin" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 12:57:49 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> On 2010-07-06 15:14, Peter Ong wrote:
> > I hate to keep beating a dead horse, but would anyone else have any
> ideas? This problem is a serious interruption in our day to day
> communications.
> >
> > p
> >
> > ----- Original Message -----
> >
> >> From: "Peter Ong"<>
> >> To: "MailScanner discussion"<>
> >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> >> Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >>
> >> I am thoroughly confused.
> >>
> >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> >>
> >> It is not getting caught on this line in the logs... it clearly
> says
> >> "No programs allowed".
> >>
> >> Is there documentation somewhere I'm neglecting to read?
> >>
> >> p
>
> Peter,
>
> A "DOS executable" is a program. Thus the warning is telling the
> truth.
>
> Denis
>
> --
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
What if I wanted to get commercial support? Would they be able to solve this?
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 1:13:07 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Sorry guys...
>
> The DOS warning is correct -- from the file command. The problem is
> that isn't the line where the message fails in the
> filetype.conf.rules. It fails on
> deny executable No executables No executables
> allowed
>
> There are two lines that show "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS
> programs allowed
>
> But clearly based on my repeatable error messages, it fails not on
> this line, but "No executables allowed". There is no attachment. It
> simply contains Japanese characters.
>
> The documentation on the top of the file said that I can have an
> optional third field which I have filled out, but there doesn't seem
> to be a known established way of filling it out. Our operation is
> being severely affected by this, and I don't know what else to do.
>
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
> > From: "Denis Beauchemin" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 12:57:49 PM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > Le 2010-07-06 15:14, Peter Ong a écrit :
> > > I hate to keep beating a dead horse, but would anyone else have
> any
> > ideas? This problem is a serious interruption in our day to day
> > communications.
> > >
> > > p
> > >
> > > ----- Original Message -----
> > >
> > >> From: "Peter Ong"<>
> > >> To: "MailScanner discussion"<>
> > >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> > >> Subject: Re: FileType rules show executable even though file
> shows
> > data -- Please help fix.
> > >>
> > >> I am thoroughly confused.
> > >>
> > >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable
> (COM)
> > >>
> > >> It is not getting caught on this line in the logs... it clearly
> > says
> > >> "No programs allowed".
> > >>
> > >> Is there documentation somewhere I'm neglecting to read?
> > >>
> > >> p
> >
> > Peter,
> >
> > A "DOS executable" is a program. Thus the warning is telling the
> > truth.
> >
> > Denis
> >
> > --
> > Denis Beauchemin, analyste
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x62252 F: 819.821.8045
> >
> > --
> > MailScanner mailing list
> >
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed

As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.

> There are two lines that shows "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed

The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.

> But clearly based on my repeatable error messages, it fails not on this line, but "No exetables allowed". There is no attachment. It simply contains japanese characters.

The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.

> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.

Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.

I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.

> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
> > From: "Denis Beauchemin" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 12:57:49 PM
> > Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
> >
> > Le 2010-07-06 15:14, Peter Ong a écrit :
> > > I hate to keep beating a dead horse, but would anyone else have any
> > ideas? This problem is a serious interruption in our day to day
> > communications.
> > >
> > > p
> > >
> > > ----- Original Message -----
> > >
> > >> From: "Peter Ong"<>
> > >> To: "MailScanner discussion"<>
> > >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> > >> Subject: Re: FileType rules show executable even though file shows
> > data -- Please help fix.
> > >>
> > >> I am thoroughly confused.
> > >>
> > >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> > >>
> > >> It is not getting caught on this line in the logs... it clearly
> > says
> > >> "No programs allowed".
> > >>
> > >> Is there documentation somewhere I'm neglecting to read?
> > >>
> > >> p
> >
> > Peter,
> >
> > A "DOS executable" is a program. Thus the warning is telling the
> > truth.
> >
> > Denis
> >
> > --
> > Denis Beauchemin, analyste
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x62252 F: 819.821.8045
> >
> > --
> > MailScanner mailing list
> >
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
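
The rule semantics described in the reply above (tab-delimited 4-field and 5-field rules, regexps tested against the `file` output or the MIME type, first-match versus all-match evaluation), as an added Python example that is not part of the thread and is not MailScanner's own code. The sample rules and all function names are constructed; treating "-" as "no test", matching case-insensitively, allowing when nothing matches, and reading "all match" as "any matching deny rule blocks" are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample ruleset, modelled on rules quoted in this thread.
SAMPLE_RULES = "\n".join([
    "allow\t-\ttext/x-mail\t-\t-",
    "allow\ttext\t-\t-",
    "deny\texecutable\tNo executables\tNo executables allowed",
    "# comment lines and blank lines are skipped",
    "deny\tELF\tNo executables\tNo programs allowed",
    "deny\t-\tapplication/x-constructed\tNo constructed type\tNot allowed",
])

# What the thread reports for msg-16388-1.txt.
FILE_OUTPUT = "DOS executable (COM)"          # output of `file`
MIME_TYPE = "text/x-mail; charset=unknown"    # output of `file -i`


@dataclass
class Rule:
    lineno: int
    action: str
    file_re: Optional[str]   # tested against `file` output
    mime_re: Optional[str]   # tested against the MIME type (5-field rules)
    log_text: str
    report: str


def _pattern(field: str) -> Optional[str]:
    # Assumption: a lone "-" means "no test for this field".
    return None if field == "-" else field


def parse_rules(text: str) -> List[Rule]:
    """Parse tab-delimited 4-field or 5-field rules; reject anything else."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) == 4:
            action, file_re, log_text, report = fields
            mime_re = "-"
        elif len(fields) == 5:
            action, file_re, mime_re, log_text, report = fields
        else:
            # Typical cause: fields separated by spaces instead of tabs.
            raise ValueError(f"line {lineno}: expected 4 or 5 tab-separated "
                             f"fields, got {len(fields)}")
        rules.append(Rule(lineno, action, _pattern(file_re),
                          _pattern(mime_re), log_text, report))
    return rules


def rule_matches(rule: Rule, file_output: str, mime_type: str) -> bool:
    tests = []
    if rule.file_re is not None:
        tests.append(re.search(rule.file_re, file_output, re.I) is not None)
    if rule.mime_re is not None:
        tests.append(re.search(rule.mime_re, mime_type, re.I) is not None)
    # Assumption: every test present must succeed; a rule with no test
    # matches nothing.
    return bool(tests) and all(tests)


def matching_rules(rules: List[Rule], file_output: str,
                   mime_type: str) -> List[Rule]:
    return [r for r in rules if rule_matches(r, file_output, mime_type)]


def first_match_verdict(rules, file_output, mime_type) -> str:
    """First-match reading: the earliest matching rule decides."""
    hits = matching_rules(rules, file_output, mime_type)
    return hits[0].action if hits else "allow"


def any_deny_verdict(rules, file_output, mime_type) -> str:
    """All-match reading (assumed): a matching deny blocks even if an
    earlier allow rule also matched."""
    for rule in matching_rules(rules, file_output, mime_type):
        if rule.action == "deny":
            return f"deny: {rule.report}"
    return "allow"


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for r in matching_rules(parsed, FILE_OUTPUT, MIME_TYPE):
        print(f"line {r.lineno}: {r.action} matched")
    print("first match:", first_match_verdict(parsed, FILE_OUTPUT, MIME_TYPE))
    print("all match:  ", any_deny_verdict(parsed, FILE_OUTPUT, MIME_TYPE))
```

Listing every matching rule for a quarantined part, rather than only the final verdict, shows whether an allow rule was bypassed or simply never matched.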
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
On 06/07/2010 21:13, Peter Ong wrote:
> Sorry guys...
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
>
> There are two lines that shows "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
>
> But clearly based on my repeatable error messages, it fails not on this line, but "No exetables allowed". There is no attachment. It simply contains japanese characters.
>
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
>
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
>
>> From: "Denis Beauchemin"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 12:57:49 PM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> Le 2010-07-06 15:14, Peter Ong a écrit :
>>
>>> I hate to keep beating a dead horse, but would anyone else have any
>>>
>> ideas? This problem is a serious interruption in our day to day
>> communications.
>>
>>> p
>>>
>>> ----- Original Message -----
>>>
>>>
>>>> From: "Peter Ong"<>
>>>> To: "MailScanner discussion"<>
>>>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>>>> Subject: Re: FileType rules show executable even though file shows
>>>>
>> data -- Please help fix.
>>
>>>> I am thoroughly confused.
>>>>
>>>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>>>
>>>> It is not getting caught on this line in the logs... it clearly
>>>>
>> says
>>
>>>> "No programs allowed".
>>>>
>>>> Is there documentation somewhere I'm neglecting to read?
>>>>
>>>> p
>>>>
>> Peter,
>>
>> A "DOS executable" is a program. Thus the warning is telling the
>> truth.
>>
>> Denis
>>
>> --
>> Denis Beauchemin, analyste
>> Université de Sherbrooke, S.T.I.
>> T: 819.821.8000x62252 F: 819.821.8045
>>
>> --
>> MailScanner mailing list
>>
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt: is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that shows "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
Can you please explain what you mean by this?
p
Thanks Jules. Will do that, and I'll explain some more.
p
----- Original Message -----
> From: "Jules Field" <>
> To: "MailScanner discussion" <>
> Sent: Wednesday, July 7, 2010 1:37:08 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Please can you zip up the original raw queue message file and mail it
> to
> me off-list.
>
> Jules.
>
# 13

07-07-2010 10:58 PM
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
What if I wanted to get commercial support? Would they be able to solve this?
p
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
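Mark's description of the rule format, modelled as an added example (this is not MailScanner's code and not code from the thread). It runs a subset of the quoted rules against the two values reported for msg-16388-1.txt, once as "first match" and once as "all match", since Mark only suspects the latter. The tab splitting, the function names, ignoring field 2 of a 5-field rule, and reading the masked "x-do****ec" as "x-dosexec" are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a subset of the rules quoted in the thread, tab-delimited.
# "x-dosexec" is assumed to be the value the page shows masked as "x-do****ec".
RULES_TEXT = (
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\ttext\t-\t-\n"
    "allow\tdata\t-\t-\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "deny\t-\tx-dosexec\tNo DOS executables\tNo DOS programs allowed\n"
)

# Values reported in the thread for msg-16388-1.txt.
FILE_OUTPUT = "DOS executable (COM)"          # output of `file`
MIME_TYPE = "text/x-mail; charset=unknown"    # output of `file -i`


class Rule(NamedTuple):
    action: str               # "allow" or "deny"
    file_re: Optional[str]    # 4-field rule: regexp tested against `file` output
    mime_re: Optional[str]    # 5-field rule: regexp tested against the MIME type
    log_text: str
    user_text: str


def parse_rules(text: str) -> List[Rule]:
    """Parse tab-delimited 4-field and 5-field rules as described in the thread."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) == 4:
            action, file_re, log_text, user_text = fields
            rule = Rule(action, file_re, None, log_text, user_text)
        elif len(fields) == 5:
            # The thread only says the third field is matched against the MIME
            # type; how a non-hyphen second field combines is not answered
            # there, so this model ignores it.
            action, _field2, mime_re, log_text, user_text = fields
            rule = Rule(action, None, mime_re, log_text, user_text)
        else:
            # A rule typed with spaces instead of tabs ends up here.
            raise ValueError(
                f"line {lineno}: expected 4 or 5 tab-delimited fields, "
                f"got {len(fields)}"
            )
        if rule.action not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: unknown action {rule.action!r}")
        rules.append(rule)
    return rules


def rule_matches(rule: Rule, file_output: str, mime_type: str) -> bool:
    """A 5-field rule tests the MIME type, a 4-field rule tests `file` output."""
    if rule.mime_re is not None:
        return re.search(rule.mime_re, mime_type) is not None
    return re.search(rule.file_re, file_output) is not None


def first_match(rules: List[Rule], file_output: str, mime_type: str) -> Optional[Rule]:
    """Stop at the first rule that matches, whatever its action."""
    for rule in rules:
        if rule_matches(rule, file_output, mime_type):
            return rule
    return None


def all_match(rules: List[Rule], file_output: str, mime_type: str) -> Optional[Rule]:
    """Test every rule; an earlier allow does not shield from a later deny."""
    matched = [r for r in rules if rule_matches(r, file_output, mime_type)]
    denies = [r for r in matched if r.action == "deny"]
    if denies:
        return denies[0]
    return matched[0] if matched else None


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for name, evaluate in (("first match", first_match), ("all match", all_match)):
        hit = evaluate(rules, FILE_OUTPUT, MIME_TYPE)
        print(f"{name}: {hit.action} ({hit.user_text})")
```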
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt: is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that shows "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetype.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
Can you please explain what you mean by this?
p
Thanks Jules. Will do that, and I'll explain some more.
p
Hi Mark,
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
What do you mean by this? Does it go down the lines and stop at the first match or does it behave differently? Do both 2/5 or 2/4 and 3/5 (fields) have to be filled out or only one? If it's regex, do I have to escape the spaces so string1\ string2 and so on?
p
# 14
08-07-2010 12:41 AM
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
What if I wanted to get commercial support? Would they be able to solve this?
p
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
> I could really use help here.
>
> p
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
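The field layout described in the reply above, as a small model added here for illustration; it is not MailScanner's code. The rule lines and the two `file` outputs are taken from the thread with tabs restored; splitting on tabs, treating "-" as an unused pattern, case-insensitive matching, requiring both patterns when a rule fills both, and the two evaluation modes are assumptions of this model.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    lineno: int
    action: str              # "allow" or "deny" (the only actions used in the thread)
    file_re: Optional[str]   # regexp for the output of `file`; None when the field is "-"
    mime_re: Optional[str]   # regexp for the output of `file -i`; None when absent or "-"
    log_text: str
    user_text: str


def parse_rules(text: str) -> List[Rule]:
    """Parse 4-field and 5-field rules; fields are separated by tabs, not spaces."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) == 4:      # action, file regexp, log text, user text
            action, file_re, log_text, user_text = fields
            mime_re = "-"
        elif len(fields) == 5:    # action, file regexp, MIME regexp, log text, user text
            action, file_re, mime_re, log_text, user_text = fields
        else:
            raise ValueError(
                f"line {lineno}: expected 4 or 5 tab-separated fields, got {len(fields)}"
            )
        if action not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        rules.append(Rule(
            lineno, action,
            None if file_re == "-" else file_re,
            None if mime_re == "-" else mime_re,
            log_text, user_text,
        ))
    return rules


def matching_rules(rules: List[Rule], file_out: str, mime_out: str) -> List[Rule]:
    """Return every rule whose filled-in patterns all match (assumed AND semantics)."""
    hits = []
    for r in rules:
        if r.file_re is None and r.mime_re is None:
            continue  # nothing to match on
        if r.file_re is not None and not re.search(r.file_re, file_out, re.I):
            continue
        if r.mime_re is not None and not re.search(r.mime_re, mime_out, re.I):
            continue
        hits.append(r)
    return hits


def decide(rules: List[Rule], file_out: str, mime_out: str,
           mode: str) -> Tuple[str, Optional[Rule]]:
    """mode="first": first matching rule wins. mode="all": any matching deny wins."""
    hits = matching_rules(rules, file_out, mime_out)
    if not hits:
        return "allow", None
    if mode == "first":
        return hits[0].action, hits[0]
    if mode == "all":
        for r in hits:
            if r.action == "deny":
                return "deny", r
        return "allow", hits[0]
    raise ValueError(f"unknown mode {mode!r}")


# Rule lines from the thread, tabs restored (the scraped page shows them as spaces).
RULES = "\n".join([
    "allow\t-\ttext/x-mail\t-\t-",
    "allow\t-\ttext/x-mail; charset=unknown\t-\t-",
    "allow\ttext\t-\t-",
    "allow\tdata\t-\t-",
    "deny\tself-extract\tNo self-extracting archives\tNo self-extracting archives allowed",
    "deny\texecutable\tNo executables\tNo executables allowed",
    "deny\tELF\tNo executables\tNo programs allowed",
])

# The two outputs reported in the thread for msg-16388-1.txt.
FILE_OUT = "DOS executable (COM)"            # file msg-16388-1.txt
MIME_OUT = "text/x-mail; charset=unknown"    # file -i msg-16388-1.txt

if __name__ == "__main__":
    parsed = parse_rules(RULES)
    for r in matching_rules(parsed, FILE_OUT, MIME_OUT):
        print(f"line {r.lineno}: {r.action} file_re={r.file_re!r} mime_re={r.mime_re!r}")
    for mode in ("first", "all"):
        action, rule = decide(parsed, FILE_OUT, MIME_OUT, mode)
        print(mode, "->", action, "via line", rule.lineno if rule else None)
```

Under the "all" mode the MIME-based allow rules match but cannot rescue a message whose `file` output also matches a deny rule, which is consistent with the block reported in the thread.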
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt: is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that show "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
Can you please explain what you mean by this?
p
Thanks Jules. Will do that, and I'll explain some more.
p
----- Original Message -----
> From: "Jules Field" <>
> To: "MailScanner discussion" <>
> Sent: Wednesday, July 7, 2010 1:37:08 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Please can you zip up the original raw queue message file and mail it
> to
> me off-list.
>
> Jules.
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
Hi Mark,
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
What do you mean by this? Does it go down the lines and stop at the first match or does it behave differently? Do both 2/5 or 2/4 and 3/5 (fields) have to be filled out or only one? If it's regex, do I have to escape the spaces so string1\ string2 and so on?
p
On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> Hi Mark,
>
> Thanks for that. Help me clarify a few things:
>
> > As it should because the output of "file msg-16388-1.txt" is
> > "DOS executable (COM)" and that is matched by the regexp "executable"
> > in the rule.
>
> I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
I don't know for sure. I'm going for regexp because that's what it says
at the top of the file, but regexp or "substring match" would give the
same result in this case with no "pattern characters". It seems clear
it's not an "exact full string" match in any case.
> > > There are two lines that shows "No programs allowed", but I changed
> > one to say "No executables allowed" so depending on the error message
> > I know that it failed on one of them, and it does fail on the "No
> > executables" line.
> > >
> > > I only ran file on the msg file because Julian suggested it, and for
> > everyone's edification, I posted the result here. The fact that the
> > file command shows DOS executable (COM) should trigger the correct
> > line in the error message which is:
> > >
> > > deny - x-do****ec No DOS executables No DOS
> > programs allowed
>
> I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
> deny executable No executables No executables allowed
>
> This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
Right, and that's the rule you said matched and it matches because "file"
says "DOS executable (COM)" which is matched by "executable".
> > The hyphen in the above rule makes it a "5 field" rule in which case,
> > the third field is matched against the mime type (output of file -i)
> > which in this case is "text/x-mail" so no match.
>
> Can someone explain how these fields work? The instructions on top of the file are too terse for me.
>
> The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one?
I think that's not quite right. I *think* if you want to match against
the "file" output, you use a four field rule and the second field is the
match, and if you want to match "file -i", you use a five field rule and
the third field is the match. In the latter case, in the example, the
second field is a "-" because, I think, it is ignored. Clearly the two
field matches are not anded because the hyphen in the example wouldn't
match and the rule wouldn't match. I don't think they are ored either,
I *think* in a five field rule the second field is merely a placeholder
to make five fields and is ignored.
> Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I don't really know the answer to that.
> I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
That's not the way it works in my quarantine. In mine, for messages with
content issues I have a directory under the date directory named, e.g.
"BB7596900BE.A6E7E", and under that there is a file named "message" which
contains the entire raw message. This is not examined by either "file" or
"file -i" because they just say "RFC 822 mail text" and "message/rfc822"
respectively. Also under the "queue id + entropy" directory are one or
more files, such as your msg-1234-1.txt file which are the contents of
the message body and/or multiple MIME message parts. It is these message
parts which are examined by "file" and/or "file -i".
> > I think the reason your "allow - text/x-mail - -" rules don't work is
> > that
> > FileType Rules is an "all match" ruleset and not a "first match"
> > ruleset.
>
> Can you please explain what you mean by this?
I did explain this somewhat in another reply, but basically, in this
context, I think if any Deny rule matches, the message will be denied
even if Allow rules that match precede or follow the matching Deny
rule.
--
San Francisco Bay Area, California better use your sense - B. Dylan
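The two readings of the ruleset discussed in this reply, modelled as an added example (not MailScanner's code and not part of the thread): four-field rules test the "file" output, five-field rules test the "file -i" output with the second field ignored, and the message part from the thread is judged once as "first match" and once with any matching deny winning. The tab separator, the unanchored regexp search and the default of allowing unmatched parts are assumptions of this sketch.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    action: str              # "allow" or "deny"
    file_re: Optional[str]   # tested against `file` output (four-field rule)
    mime_re: Optional[str]   # tested against `file -i` output (five-field rule)
    report: str              # text reported to the user


# Constructed rules modelled on the ones posted in the thread. Fields are
# tab-separated here; that separator is an assumption of this example.
RULES_TEXT = "\n".join([
    "allow\t-\ttext/x-mail\t-\t-",
    "allow\ttext\t-\t-",
    "allow\tdata\t-\t-",
    "deny\texecutable\tNo executables\tNo executables allowed",
    "deny\tELF\tNo executables\tNo programs allowed",
])

# Outputs quoted in the thread for msg-16388-1.txt.
FILE_OUT = "DOS executable (COM)"
MIME_OUT = "text/x-mail; charset=unknown"


def parse_rules(text: str) -> List[Rule]:
    """Split each rule line on tabs into a four- or five-field Rule."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) == 4:    # action, file regexp, log text, user text
            rules.append(Rule(fields[0], fields[1], None, fields[3]))
        elif len(fields) == 5:  # second field is treated as a placeholder
            rules.append(Rule(fields[0], None, fields[2], fields[4]))
        else:
            raise ValueError(f"expected 4 or 5 fields: {line!r}")
    return rules


def matches(rule: Rule, file_out: str, mime_out: str) -> bool:
    """Unanchored regexp search, so 'executable' hits 'DOS executable (COM)'."""
    if rule.mime_re is not None:
        return re.search(rule.mime_re, mime_out) is not None
    return re.search(rule.file_re, file_out) is not None


def first_match(rules: List[Rule], file_out: str, mime_out: str) -> Tuple[str, str]:
    """The first rule that matches decides; later rules are never consulted."""
    for rule in rules:
        if matches(rule, file_out, mime_out):
            return rule.action, rule.report
    return "allow", "-"  # assumption: a part that matches nothing passes


def any_deny_wins(rules: List[Rule], file_out: str, mime_out: str) -> Tuple[str, str]:
    """Any matching deny rule blocks the part, whatever allow rules match."""
    for rule in rules:
        if rule.action == "deny" and matches(rule, file_out, mime_out):
            return rule.action, rule.report
    return "allow", "-"


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    print("first match  :", first_match(rules, FILE_OUT, MIME_OUT))
    print("any deny wins:", any_deny_wins(rules, FILE_OUT, MIME_OUT))
```

Only the second reading reproduces the "No executables allowed" report described in the thread; under a pure first-match reading the leading text/x-mail allow rule would have let the part through.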
|
# 15

08-07-2010 03:29 PM
|
|
|
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> Jules
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> Jules
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> Jules
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> I am thoroughly confused.
>
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
>
> Is there documentation somewhere I'm neglecting to read?
>
> p
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
What if I wanted to get commercial support? Would they be able to solve this?
p
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
> I could really use help here.
>
> p
>
>
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt" is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that show "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
Can you please explain what you mean by this?
p
Thanks Jules. Will do that, and I'll explain some more.
p
Hi Mark,
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
What do you mean by this? Does it go down the lines and stop at the first match or does it behave differently? Do both 2/5 or 2/4 and 3/5 (fields) have to be filled out or only one? If it's regex, do I have to escape the spaces so string1\ string2 and so on?
p
On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> Hi Mark,
>
> Thanks for that. Help me clarify a few things:
>
> > As it should because the output of "file msg-16388-1.txt" is
> > "DOS executable (COM)" and that is matched by the regexp "executable"
> > in the rule.
>
> I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
I don't know for sure. I'm going for regexp because that's what it says
at the top of the file, but regexp or "substring match" would give the
same result in this case with no "pattern characters". It seems clear
it's not an "exact full string" match in any case.
> > > There are two lines that show "No programs allowed", but I changed
> > one to say "No executables allowed" so depending on the error message
> > I know that it failed on one of them, and it does fail on the "No
> > executables" line.
> > >
> > > I only ran file on the msg file because Julian suggested it, and for
> > everyone's edification, I posted the result here. The fact that the
> > file command shows DOS executable (COM) should trigger the correct
> > line in the error message which is:
> > >
> > > deny - x-do****ec No DOS executables No DOS
> > programs allowed
>
> I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
> deny executable No executables No executables allowed
>
> This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
Right, and that's the rule you said matched and it matches because "file"
says "DOS executable (COM)" which is matched by "executable".
> > The hyphen in the above rule makes it a "5 field" rule in which case,
> > the third field is matched against the mime type (output of file -i)
> > which in this case is "text/x-mail" so no match.
>
> Can someone explain how these fields work? The instructions on top of the file are too terse for me.
>
> The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one?
I think that's not quite right. I *think* if you want to match against
the "file" output, you use a four field rule and the second field is the
match, and if you want to match "file -i", you use a five field rule and
the third field is the match. In the latter case, in the example, the
second field is a "-" because, I think, it is ignored. Clearly the two
field matches are not anded because the hyphen in the example wouldn't
match and the rule wouldn't match. I don't think they are ored either,
I *think* in a five field rule the second field is merely a placeholder
to make five fields and is ignored.
> Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I don't really know the answer to that.
> I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
That's not the way it works in my quarantine. In mine, for messages with
content issues I have a directory under the date directory named, e.g.
"BB7596900BE.A6E7E", and under that there is a file named "message" which
contains the entire raw message. This is not examined by either "file" or
"file -i" because they just say "RFC 822 mail text" and "message/rfc822"
respectively. Also under the "queue id + entropy" directory are one or
more files, such as your msg-1234-1.txt file which are the contents of
the message body and/or multiple MIME message parts. It is these message
parts which are examined by "file" and/or "file -i".
> > I think the reason your "allow - text/x-mail - -" rules don't work is
> > that
> > FileType Rules is an "all match" ruleset and not a "first match"
> > ruleset.
>
> Can you please explain what you mean by this?
I did explain this somewhat in another reply, but basically, in this
context, I think if any Deny rule matches, the message will be denied
even if Allow rules that match precede or follow the matching Deny
rule.
--
San Francisco Bay Area, California better use your sense - B. Dylan
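The two readings discussed in Mark's replies above, modelled as an added example; this is not MailScanner's code and not part of the original thread. It assumes the field layout he describes (a four-field rule matches the "file" output, a five-field rule matches the "file -i" MIME type and ignores its second field), uses a constructed subset of the rules quoted in the thread, and all function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Constructed subset of the rules quoted in the thread. Fields are separated
# by explicit tabs here because the archived copy lost the tab characters.
RULES_TEXT = "\n".join([
    "allow\t-\ttext/x-mail\t-\t-",
    "allow\t-\ttext/plain\t-\t-",
    "allow\ttext\t-\t-",
    "allow\tdata\t-\t-",
    "deny\tself-extract\tNo self-extracting archives\tNo self-extracting archives allowed",
    "deny\texecutable\tNo executables\tNo executables allowed",
    "deny\tELF\tNo executables\tNo programs allowed",
])


class Rule(NamedTuple):
    action: str               # "allow" or "deny"
    file_re: Optional[str]    # matched against `file` output (4-field rules)
    mime_re: Optional[str]    # matched against `file -i` output (5-field rules)
    log_text: str
    user_text: str


def parse_rules(text):
    """Parse tab-delimited rules into Rule tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) == 4:
            action, file_re, log_text, user_text = fields
            rules.append(Rule(action.lower(), file_re, None, log_text, user_text))
        elif len(fields) == 5:
            # Assumption taken from the reply: field 2 is a placeholder, ignored.
            action, _ignored, mime_re, log_text, user_text = fields
            rules.append(Rule(action.lower(), None, mime_re, log_text, user_text))
        else:
            raise ValueError(f"expected 4 or 5 tab-separated fields: {line!r}")
    return rules


def rule_matches(rule, file_output, mime_type):
    """Unanchored regexp search, so 'executable' hits 'DOS executable (COM)'."""
    if rule.mime_re is not None:
        return re.search(rule.mime_re, mime_type) is not None
    return re.search(rule.file_re, file_output) is not None


def first_match(rules, file_output, mime_type):
    """Reading 1: stop at the first rule that matches, allow or deny."""
    for rule in rules:
        if rule_matches(rule, file_output, mime_type):
            return rule
    return None


def deny_overrides(rules, file_output, mime_type):
    """Reading 2 ("all match"): any matching deny wins, wherever it sits."""
    matched = [r for r in rules if rule_matches(r, file_output, mime_type)]
    for rule in matched:
        if rule.action == "deny":
            return rule
    return matched[0] if matched else None


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # Values reported in the thread for msg-16388-1.txt
    file_output = "DOS executable (COM)"
    mime_type = "text/x-mail; charset=unknown"
    for name, evaluate in (("first match", first_match),
                           ("deny overrides", deny_overrides)):
        rule = evaluate(rules, file_output, mime_type)
        print(f"{name:15} -> {rule.action}: {rule.user_text}")
```

With the values reported for msg-16388-1.txt, the first-match reading lets the part through on the text/x-mail rule, while the deny-overrides reading reports "No executables allowed", which is the result Peter observed.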
Hey Mark,
So much of the time, I'm playing catch up as I quell fires and I miss the little details. Thanks for the edifying replies. Last night, I actually had some quiet time to read through the links you posted, and now I understand better. Although, I do not understand what "All Match" means and how it applies or behaves in the case of the filetype rules file.
Initially, I thought it went down the line and stopped at the first match as described in "First Match", but the documentation clearly says otherwise. Also, based on the other replies, I had the mechanics of scanning all wrong; I learned that the msg-1234-1.txt is scanned by file and file -i. Now I just don't know how that, the All Match behavior, and whether one field is ignored or both are accepted or if the third of five is filled whether second of five is required, etc. You've alluded to this already, but there was behavior last week that keeps me confused. I'll experiment more today.
I emailed Jules the original as he had requested. Maybe he will have something about it today.
p
# 16
08-07-2010 05:34 PM
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
That message msg-16388-1.txt is the message itself.
p
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
What if I wanted to get commercial support? Would they be able to solve this?
p
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
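The field handling described in the post above, modelled as an added example (this is not MailScanner's code and not from any poster). It evaluates a constructed subset of the quoted rules against the two "file" results from the thread, once in first-match order and once with the deny-wins behaviour Mark suspects; treating "-" as an untested pattern and matching case-insensitively are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed subset of the rules quoted in the thread. Fields are separated
# by TABs: 4 fields = action, "file" regexp, log text, user report;
# 5 fields = action, "file" regexp, MIME regexp, log text, user report.
RULES_TEXT = (
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\ttext\t-\t-\n"
    "allow\tdata\t-\t-\n"
    "# comment lines are skipped\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "deny\tELF\tNo executables\tNo programs allowed\n"
)


class Rule(NamedTuple):
    action: str
    file_re: Optional[str]  # tested against the output of "file"
    mime_re: Optional[str]  # tested against the output of "file -i"
    report: str


def parse_rules(text: str) -> List[Rule]:
    """Parse TAB-separated 4- and 5-field rules; reject anything else."""
    rules = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) == 4:
            action, file_re, _log, report = fields
            mime_re = "-"
        elif len(fields) == 5:
            action, file_re, mime_re, _log, report = fields
        else:
            # Typical cause: the file was saved with spaces instead of TABs.
            raise ValueError(
                f"line {number}: expected 4 or 5 TAB-separated fields, "
                f"got {len(fields)}"
            )
        # Assumption: "-" in a pattern field means "do not test this field".
        rules.append(Rule(
            action.lower(),
            None if file_re == "-" else file_re,
            None if mime_re == "-" else mime_re,
            report,
        ))
    return rules


def matches(rule: Rule, file_output: str, mime_type: str) -> bool:
    """True when every pattern the rule carries is found in its input."""
    if rule.file_re is None and rule.mime_re is None:
        return False
    # Assumption: case-insensitive regexp search.
    if rule.file_re and not re.search(rule.file_re, file_output, re.I):
        return False
    if rule.mime_re and not re.search(rule.mime_re, mime_type, re.I):
        return False
    return True


def first_match(rules, file_output, mime_type) -> Optional[Rule]:
    """Ordered evaluation: the first matching rule decides."""
    for rule in rules:
        if matches(rule, file_output, mime_type):
            return rule
    return None


def deny_wins(rules, file_output, mime_type) -> Optional[Rule]:
    """Hypothesis from the post: any matching deny overrides every allow."""
    hits = [r for r in rules if matches(r, file_output, mime_type)]
    denies = [r for r in hits if r.action == "deny"]
    return (denies or hits or [None])[0]


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # The two results reported in the thread for msg-16388-1.txt.
    file_output = "DOS executable (COM)"
    mime_type = "text/x-mail; charset=unknown"
    for name, evaluate in (("first match", first_match), ("deny wins", deny_wins)):
        hit = evaluate(rules, file_output, mime_type)
        print(f"{name}: {hit.action} ({hit.report})")
```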
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
On 06/07/2010 21:13, Peter Ong wrote:
> Sorry guys...
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
>
> There are two lines that shows "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
>
> But clearly based on my repeatable error messages, it fails not on this line, but "No exetables allowed". There is no attachment. It simply contains japanese characters.
>
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
>
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
>
>> From: "Denis Beauchemin"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 12:57:49 PM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> On 2010-07-06 15:14, Peter Ong wrote:
>>
>>> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>>>
>>> p
>>>
>>> ----- Original Message -----
>>>
>>>> From: "Peter Ong"<>
>>>> To: "MailScanner discussion"<>
>>>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>>>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>>>
>>>> I am thoroughly confused.
>>>>
>>>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>>>
>>>> It is not getting caught on this line in the logs... it clearly says "No programs allowed".
>>>>
>>>> Is there documentation somewhere I'm neglecting to read?
>>>>
>>>> p
>>>>
>> Peter,
>>
>> A "DOS executable" is a program. Thus the warning is telling the
>> truth.
>>
>> Denis
>>
>> --
>> Denis Beauchemin, analyste
>> Université de Sherbrooke, S.T.I.
>> T: 819.821.8000x62252 F: 819.821.8045
>>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt: is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
> >
> > deny - x-dosexec No DOS executables No DOS programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is that FileType Rules is an "all match" ruleset and not a "first match" ruleset.
Can you please explain what you mean by this?
p
Thanks Jules. Will do that, and I'll explain some more.
p
----- Original Message -----
> From: "Jules Field" <>
> To: "MailScanner discussion" <>
> Sent: Wednesday, July 7, 2010 1:37:08 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Please can you zip up the original raw queue message file and mail it to me off-list.
>
> Jules.
Hi Mark,
> I think the reason your "allow - text/x-mail - -" rules don't work is that FileType Rules is an "all match" ruleset and not a "first match" ruleset.
What do you mean by this? Does it go down the lines and stop at the first match or does it behave differently? Do both 2/5 or 2/4 and 3/5 (fields) have to be filled out or only one? If it's regex, do I have to escape the spaces so string1\ string2 and so on?
p
On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> Hi Mark,
>
> Thanks for that. Help me clarify a few things:
>
> > As it should because the output of "file msg-16388-1.txt: is
> > "DOS executable (COM)" and that is matched by the regexp "executable"
> > in the rule.
>
> I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
I don't know for sure. I'm going for regexp because that's what it says
at the top of the file, but regexp or "substring match" would give the
same result in this case with no "pattern characters". It seems clear
it's not an "exact full string" match in any case.
> > > There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
> > >
> > > I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
> > >
> > > deny - x-dosexec No DOS executables No DOS programs allowed
>
> I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
> deny executable No executables No executables allowed
>
> This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
Right, and that's the rule you said matched and it matches because "file"
says "DOS executable (COM)" which is matched by "executable".
> > The hyphen in the above rule makes it a "5 field" rule in which case,
> > the third field is matched against the mime type (output of file -i)
> > which in this case is "text/x-mail" so no match.
>
> Can someone explain how these fields work? The instructions on top of the file are too terse for me.
>
> The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one?
I think that's not quite right. I *think* if you want to match against
the "file" output, you use a four field rule and the second field is the
match, and if you want to match "file -i", you use a five field rule and
the third field is the match. In the latter case, in the example, the
second field is a "-" because, I think, it is ignored. Clearly the two
field matches are not anded because the hyphen in the example wouldn't
match and the rule wouldn't match. I don't think they are ored either,
I *think* in a five field rule the second field is merely a placeholder
to make five fields and is ignored.
> Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I don't really know the answer to that.
> I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
That's not the way it works in my quarantine. In mine, for messages with
content issues I have a directory under the date directory named, e.g.
"BB7596900BE.A6E7E", and under that there is a file named "message" which
contains the entire raw message. This is not examined by either "file" or
"file -i" because they just say "RFC 822 mail text" and "message/rfc822"
respectively. Also under the "queue id + entropy" directory are one or
more files, such as your msg-1234-1.txt file which are the contents of
the message body and/or multiple MIME message parts. It is these message
parts which are examined by "file" and/or "file -i".
> > I think the reason your "allow - text/x-mail - -" rules don't work is that FileType Rules is an "all match" ruleset and not a "first match" ruleset.
>
> Can you please explain what you mean by this?
I did explain this somewhat in another reply, but basically, in this
context, I think if any Deny rule matches, the message will be denied
even if Allow rules that match precede or follow the matching Deny
rule.
--
San Francisco Bay Area, California better use your sense - B. Dylan
Hey Mark,
So much of the time, I'm playing catch up as I quell fires and I miss the little details. Thanks for the edifying replies. Last night, I actually had some quiet time to read through the links you posted, and now I understand better. Although, I do not understand what "All Match" means and how it applies or behaves in the case of the filetype rules file.
Initially, I thought it went down the line and stopped at the first match as described in "First Match", but the documentation clearly says otherwise. Also, based on the other replies, I had the mechanics of scanning all wrong; I learned that the msg-1234-1.txt is scanned by file and file -i. Now I just don't know how that, the All Match behavior, and whether one field is ignored or both are accepted or if the third of five is filled whether second of five is required, etc. You've alluded to this already, but there was behavior last week that keeps me confused. I'll experiment more today.
I emailed Jules the original as he had requested. Maybe he will have something about it today.
p
----- Original Message -----
> Sent: Wednesday, July 7, 2010 4:41:40 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
Hello Everyone,
I searched through my entire quarantine folder and grep'd for files named in this format msg-12341-1.txt. I scanned them with file and file -i. The following are the results.
I entered them into my filetype.conf.rules and it seems to work.
allow ASCII English text, with escape sequences text/plain; charset=us-ascii - -
allow ASCII text text/plain; charset=us-ascii - -
allow DOS executable text/plain; charset=iso-8859-1 - -
allow DOS executable text/plain; charset=unknown - -
allow DOS executable text/plain; charset=utf-8 - -
allow DOS executable text/x-mail; charset=unknown - -
allow DOS executable text/x-mail; charset=utf-8 - -
allow HTML document text text/html - -
allow UTF-8 Unicode English text text/plain; charset=utf-8 - -
I tested that I'm not inadvertently letting DOS executables through, and they remain blocked. It appears that when both 2/5 and 3/5 are true, they are a match and thus allowed through. If someone could verify that would be nice.
In the time when I didn't have a solution, I changed the /usr/bin/file to /usr/bin/file -i just to alleviate the problem. But I think this one solves it, but I don't know whether this is the right way to do it.
I have prepended to my filetype.rules.conf.
p
----- Original Message -----
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
)
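The quarantine survey described in the post above (run `file` and `file -i` on every message part, then compare the two answers), as an added example that is not part of the original thread or of MailScanner. The sample lines are constructed in the `name: result` form the thread shows; the function names, the `msg-*` glob and the "description says executable but MIME type is text/*" heuristic are assumptions of this sketch.

```python
"""Pair `file` and `file -i` results per message part and flag disagreements."""
import re
import subprocess
from collections import Counter
from pathlib import Path

# Constructed sample output (not taken from a real quarantine).
FILE_OUTPUT = """\
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
./20100706/AAAAAAAAAA.00001/msg-100-1.txt:   ASCII text
./20100706/BBBBBBBBBB.00002/msg-200-1.txt:   DOS executable (COM)
./20100706/CCCCCCCCCC.00003/msg-300-2.html:  HTML document text
./20100706/DDDDDDDDDD.00004/msg-400-3.bin:   DOS executable (COM)
./20100706/EEEEEEEEEE.00005/msg-500-1.txt:   ASCII text
"""
FILE_I_OUTPUT = """\
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: text/x-mail; charset=unknown
./20100706/AAAAAAAAAA.00001/msg-100-1.txt:   text/plain; charset=us-ascii
./20100706/BBBBBBBBBB.00002/msg-200-1.txt:   text/plain; charset=utf-8
./20100706/CCCCCCCCCC.00003/msg-300-2.html:  text/html
./20100706/DDDDDDDDDD.00004/msg-400-3.bin:   application/x-dosexec
"""

# `file` pads after the colon when given several paths, so allow any whitespace.
LINE_RE = re.compile(r"^(?P<path>.+?):\s+(?P<result>.*\S)\s*$")
EXECUTABLE_RE = re.compile(r"executable", re.IGNORECASE)


def parse_file_output(text):
    """Map each path to what `file` printed after the colon."""
    results = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            results[match.group("path")] = match.group("result")
    return results


def survey(file_text, file_i_text):
    """Tabulate (description, MIME) pairs and sort the 'executable' hits.

    conflicts   : description says executable, MIME type says text/*
                  (the false positive this thread is about)
    executables : description says executable and MIME type is not text/*
    unpaired    : path seen in only one of the two outputs
    """
    desc = parse_file_output(file_text)
    mime = parse_file_output(file_i_text)
    report = {"pairs": Counter(), "conflicts": [], "executables": [], "unpaired": []}
    for path in sorted(set(desc) | set(mime)):
        if path not in desc or path not in mime:
            report["unpaired"].append(path)
            continue
        description, mime_line = desc[path], mime[path]
        report["pairs"][(description, mime_line)] += 1
        if EXECUTABLE_RE.search(description):
            media_type = mime_line.split(";", 1)[0].strip().lower()
            bucket = "conflicts" if media_type.startswith("text/") else "executables"
            report[bucket].append(path)
    return report


def run_file(root, pattern="msg-*"):
    """Run `file` and `file -i` over parts under root; return both outputs."""
    paths = [str(p) for p in sorted(Path(root).rglob(pattern)) if p.is_file()]
    if not paths:
        return "", ""
    plain = subprocess.run(["file"] + paths, capture_output=True, text=True, check=True)
    mime = subprocess.run(["file", "-i"] + paths, capture_output=True, text=True, check=True)
    return plain.stdout, mime.stdout


if __name__ == "__main__":
    # Swap in run_file("/path/to/quarantine") to survey a real directory.
    rep = survey(FILE_OUTPUT, FILE_I_OUTPUT)
    for (description, mime_line), count in sorted(rep["pairs"].items()):
        print(f"{count:3d}  {description}  |  {mime_line}")
    for name in ("conflicts", "executables", "unpaired"):
        print(f"{name}:")
        for path in rep[name]:
            print(f"  {path}")
```

Each row under `conflicts` is a candidate for a two-field allow line like the ones in the post; rows under `executables` are the parts that should stay blocked after any rule change, which is the check the post reports making.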
|
# 17

07-02-2011 07:11 PM
|
|
|
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-dosexec No DOS executables No DOS programs allowed
deny - x-dosexec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No self-extracting archives allowed
> > deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-dosexec No DOS executables No DOS programs allowed
> > deny - x-dosexec No DOS executables No DOS programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies allowed
> > #deny AVI No AVI movies No AVI movies allowed
> > #deny MNG No MNG/PNG movies No MNG movies allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies allowed
> > #deny ASF No Windows media No Windows media files allowed
> > #deny metafont No Windows Metafont drawings No WMF drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-dosexec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
What if I wanted to get commercial support? Would they be able to solve this?
p
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-dosexec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt" is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that show "No programs allowed", but I changed
> > one to say "No executables allowed" so depending on the error message
> > I know that it failed on one of them, and it does fail on the "No
> > executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> > everyone's edification, I posted the result here. The fact that the
> > file command shows DOS executable (COM) should trigger the correct
> > line in the error message which is:
> >
> > deny - x-dosexec No DOS executables No DOS programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetype.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
Can you please explain what you mean by this?
p
Thanks Jules. Will do that, and I'll explain some more.
p
----- Original Message -----
> From: "Jules Field" <>
> To: "MailScanner discussion" <>
> Sent: Wednesday, July 7, 2010 1:37:08 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Please can you zip up the original raw queue message file and mail it
> to
> me off-list.
>
> Jules.
>
> On 06/07/2010 21:13, Peter Ong wrote:
> > Sorry guys...
> >
> > The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> > deny executable No executables No executables allowed
> >
> > There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS programs allowed
> >
> > But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
> >
> > The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
> >
> > I could really use help here.
> >
> > p
> >
> >
> > ----- Original Message -----
> >
> >
> >> From: "Denis Beauchemin"<>
> >> To: "MailScanner discussion"<>
> >> Sent: Tuesday, July 6, 2010 12:57:49 PM
> >> Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >>
> >> Le 2010-07-06 15:14, Peter Ong a écrit :
> >>
> >>> I hate to keep beating a dead horse, but would anyone else have
> any
> >>>
> >> ideas? This problem is a serious interruption in our day to day
> >> communications.
> >>
> >>> p
> >>>
> >>> ----- Original Message -----
> >>>
> >>>
> >>>> From: "Peter Ong"<>
> >>>> To: "MailScanner discussion"<>
> >>>> Sent: Tuesday, July 6, 2010 11:05:17 AM
> >>>> Subject: Re: FileType rules show executable even though file
> shows
> >>>>
> >> data -- Please help fix.
> >>
> >>>> I am thoroughly confused.
> >>>>
> >>>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable
> (COM)
> >>>>
> >>>> It is not getting caught on this line in the logs... it clearly
> >>>>
> >> says
> >>
> >>>> "No programs allowed".
> >>>>
> >>>> Is there documentation somewhere I'm neglecting to read?
> >>>>
> >>>> p
> >>>>
> >> Peter,
> >>
> >> A "DOS executable" is a program. Thus the warning is telling the
> >> truth.
> >>
> >> Denis
> >>
> >> --
> >> Denis Beauchemin, analyste
> >> Université de Sherbrooke, S.T.I.
> >> T: 819.821.8000x62252 F: 819.821.8045
> >>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
>
Hi Mark,
> I think the reason your "allow - text/x-mail - -" rules don't work is that
> FileType Rules is an "all match" ruleset and not a "first match" ruleset.
What do you mean by this? Does it go down the lines and stop at the first match or does it behave differently? Do both 2/5 or 2/4 and 3/5 (fields) have to be filled out or only one? If it's regex, do I have to escape the spaces so string1\ string2 and so on?
p
On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> Hi Mark,
>
> Thanks for that. Help me clarify a few things:
>
> > As it should because the output of "file msg-16388-1.txt" is
> > "DOS executable (COM)" and that is matched by the regexp "executable"
> > in the rule.
>
> I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
I don't know for sure. I'm going for regexp because that's what it says
at the top of the file, but regexp or "substring match" would give the
same result in this case with no "pattern characters". It seems clear
it's not an "exact full string" match in any case.
> > > There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
> > >
> > > I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
> > >
> > > deny - x-do****ec No DOS executables No DOS programs allowed
>
> I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
> deny executable No executables No executables allowed
>
> This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
Right, and that's the rule you said matched and it matches because "file"
says "DOS executable (COM)" which is matched by "executable".
> > The hyphen in the above rule makes it a "5 field" rule in which case,
> > the third field is matched against the mime type (output of file -i)
> > which in this case is "text/x-mail" so no match.
>
> Can someone explain how these fields work? The instructions on top of the file are too terse for me.
>
> The second of five field is for the result of the "file" command, and the third of five field is for the output of "file -i". Do both fields have to be filled out or just one?
I think that's not quite right. I *think* if you want to match against
the "file" output, you use a four field rule and the second field is the
match, and if you want to match "file -i", you use a five field rule and
the third field is the match. In the latter case, in the example, the
second field is a "-" because, I think, it is ignored. Clearly the two
field matches are not anded because the hyphen in the example wouldn't
match and the rule wouldn't match. I don't think they are ored either,
I *think* in a five field rule the second field is merely a placeholder
to make five fields and is ignored.
> Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I don't really know the answer to that.
> I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
That's not the way it works in my quarantine. In mine, for messages with
content issues I have a directory under the date directory named, e.g.
"BB7596900BE.A6E7E", and under that there is a file named "message" which
contains the entire raw message. This is not examined by either "file" or
"file -i" because they just say "RFC 822 mail text" and "message/rfc822"
respectively. Also under the "queue id + entropy" directory are one or
more files, such as your msg-1234-1.txt file which are the contents of
the message body and/or multiple MIME message parts. It is these message
parts which are examined by "file" and/or "file -i".
> > I think the reason your "allow - text/x-mail - -" rules don't work is that
> > FileType Rules is an "all match" ruleset and not a "first match" ruleset.
>
> Can you please explain what you mean by this?
I did explain this somewhat in another reply, but basically, in this
context, I think if any Deny rule matches, the message will be denied
even if Allow rules that match precede or follow the matching Deny
rule.
--
San Francisco Bay Area, California better use your sense - B. Dylan
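The readings discussed in the reply above (four-field versus five-field rules, and "first match" versus a deny-wins "all match"), modeled as an added example that is not MailScanner's code and not part of any post. The function names, the tab-separated layout, unanchored case-sensitive matching and "no rule matched means allow" are assumptions; the two `five_field` modes correspond to the "second field is ignored" reading and the "both fields must match" reading.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed rule set, tab-separated; the patterns and report texts are the
# ones quoted in this thread.
SAMPLE_RULES = (
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\tDOS executable\ttext/x-mail; charset=unknown\t-\t-\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "deny\tELF\tNo executables\tNo programs allowed\n"
)


class Rule(NamedTuple):
    action: str              # "allow" or "deny"
    file_re: Optional[str]   # pattern for `file` output; None when written "-"
    mime_re: Optional[str]   # pattern for `file -i` output; None in 4-field rules
    nfields: int             # 4 or 5, decides which outputs are consulted
    log_text: str


def parse_rules(text: str) -> List[Rule]:
    """Parse tab-separated rule lines, skipping blank lines and comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) == 4:
            action, file_re, log_text, _report = fields
            mime_re = None
        elif len(fields) == 5:
            action, file_re, mime_re, log_text, _report = fields
        else:
            raise ValueError(f"line {lineno}: expected 4 or 5 fields, got {len(fields)}")
        rules.append(Rule(action.lower(),
                          None if file_re == "-" else file_re,
                          None if mime_re in (None, "-") else mime_re,
                          len(fields), log_text))
    return rules


def rule_matches(rule: Rule, file_out: str, mime_out: str,
                 five_field: str = "mime_only") -> bool:
    """Unanchored regexp match (assumption: case-sensitive)."""
    file_ok = rule.file_re is None or re.search(rule.file_re, file_out) is not None
    if rule.nfields == 4:
        # Four-field rule: only the `file` description is consulted.
        return rule.file_re is not None and file_ok
    mime_ok = rule.mime_re is not None and re.search(rule.mime_re, mime_out) is not None
    if five_field == "mime_only":      # field 2 is only a placeholder
        return mime_ok
    if five_field == "both":           # a "-" in field 2 matches anything
        return mime_ok and file_ok
    raise ValueError(f"unknown five_field mode: {five_field}")


def evaluate(rules: List[Rule], file_out: str, mime_out: str,
             policy: str = "any_deny",
             five_field: str = "mime_only") -> Tuple[str, Optional[str]]:
    """Return (verdict, log text of the deciding rule)."""
    matched = [r for r in rules if rule_matches(r, file_out, mime_out, five_field)]
    if not matched:
        return ("allow", None)         # assumption: unmatched parts pass
    if policy == "first_match":
        return (matched[0].action, matched[0].log_text)
    if policy == "any_deny":           # any matching deny overrides every allow
        for r in matched:
            if r.action == "deny":
                return ("deny", r.log_text)
        return ("allow", matched[0].log_text)
    raise ValueError(f"unknown policy: {policy}")


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    # The `file` and `file -i` results reported in this thread for msg-16388-1.txt.
    part = ("DOS executable (COM)", "text/x-mail; charset=unknown")
    for policy in ("first_match", "any_deny"):
        for mode in ("mime_only", "both"):
            print(policy, mode, evaluate(rules, *part, policy=policy, five_field=mode))
```

Running a candidate rule set through all four combinations before deploying it shows which outcomes depend on rule order and which do not.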
Hey Mark,
So much of the time, I'm playing catch up as I quell fires and I miss the little details. Thanks for the edifying replies. Last night, I actually had some quiet time to read through the links you posted, and now I understand better. Although, I do not understand what "All Match" means and how it applies or behaves in the case of the filetype rules file.
Initially, I thought it went down the line and stopped at the first match as described in "First Match", but the documentation clearly says otherwise. Also, based on the other replies, I had the mechanics of scanning all wrong; I learned that the msg-1234-1.txt is scanned by file and file -i. Now I just don't know how that, the All Match behavior, and whether one field is ignored or both are accepted or if the third of five is filled whether second of five is required, etc. You've alluded to this already, but there was behavior last week that keeps me confused. I'll experiment more today.
I emailed Jules the original as he had requested. Maybe he will have something about it today.
p
Hello Everyone,
I searched through my entire quarantine folder and grep'd for files named in this format msg-12341-1.txt. I scanned them with file and file -i. The following are the results.
I entered them into my filetype.conf.rules and it seems to work.
allow ASCII English text, with escape sequences text/plain; charset=us-ascii - -
allow ASCII text text/plain; charset=us-ascii - -
allow DOS executable text/plain; charset=iso-8859-1 - -
allow DOS executable text/plain; charset=unknown - -
allow DOS executable text/plain; charset=utf-8 - -
allow DOS executable text/x-mail; charset=unknown - -
allow DOS executable text/x-mail; charset=utf-8 - -
allow HTML document text text/html - -
allow UTF-8 Unicode English text text/plain; charset=utf-8 - -
I tested that I'm not inadvertently letting DOS executables through, and they remain blocked. It appears that when both 2/5 and 3/5 are true, they are a match and thus allowed through. If someone could verify that would be nice.
In the time when I didn't have a solution, I changed the /usr/bin/file to /usr/bin/file -i just to alleviate the problem. But I think this one solves it, but I don't know whether this is the right way to do it.
I have prepended to my filetype.rules.conf.
p
Hello,
Lately I configured postfix and mailscanner. Just to test, I am trying to send test email messages but they didn't go through. Anyone, please look into this. Thanks in advance.
I found the entries below in my /var/log/maillog
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at /var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message CF55D322807A.A1FD1 has had TNEF winmail.dat removed
Regards,
__________________
Mohammed Ejaz
Sr,Systems Administrator
Middle East Internet Company (CYBERIA)
Riyadh, Saudi Arabia
Phone: +966-1-4647114 Ext: 140
Mobile +966-562311787
Fax: +966-1-4654735
E-mail:
|
# 18

07-02-2011 07:12 PM
|
|
|
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
> On 06/07/2010 16:43, Peter Ong wrote:
> > Hello Everyone,
> >
> > I really need help on this filetype issue.
> >
> > First, when I scan the original message it shows as "data", and when
> I scan the mime version, it shows as "text/x-mail; charset=unknown".
> >
> > I keep getting this message even after I have edited the
> filetype.conf.rules file:
> > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > MailScanner: No programs allowed (msg-16388-1.txt)
> >
> >
> > Proof:
> > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > 64BCE572B7: data
> >
> > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > msg-16388-1.txt: text/x-mail; charset=unknown
> >
> > HELP!!! What can I do? Thank you in advance.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > These are the contents of my filetype.conf.rules file:
> >
> >
> >
> > allow - text - -
> > allow - text - -
> > allow - text/x-mail - -
> > allow - text/plain - -
> > allow - message/rfc822 - -
> > allow - text/x-mail - -
> > allow - text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<<< I added this
> > allow - text/plain - -
> > allow - text/plain; charset=unknown - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow - text/plain; charset=utf-8 - -
> > allow - text/plain; charset=iso-8859-1 - -
> > allow text text/x-mail - -
> > allow text text/plain - -
> > allow text message/rfc822 - -
> > allow data text/x-mail; charset=unknown -
> -<<<<<<<<<<<<<< I added this
> > allow data text/x-mail - -
> > allow data text/plain - -
> > allow data text/plain; charset=unknown - -
> > allow data text/plain; charset=iso-8859-1 - -
> > allow data text/plain; charset=utf-8 - -
> > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> -
> >
> > allow text - -
> > allow data - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No
> self-extracting archives allowed
> > deny executable No executables No executables
> allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > #EXAMPLE: deny - x-do****ec No DOS executables No
> DOS programs allowed
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows
> Registry files allowed
> >
> > #deny MPEG No MPEG movies No MPEG movies
> allowed
> > #deny AVI No AVI movies No AVI movies
> allowed
> > #deny MNG No MNG/PNG movies No MNG movies
> allowed
> > #deny QuickTime No QuickTime movies No QuickTime movies
> allowed
> > #deny ASF No Windows media No Windows media
> files allowed
> > #deny metafont No Windows Metafont drawings No WMF
> drawings allowed
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> I am thoroughly confused.
>
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
>
> Is there documentation somewhere I'm neglecting to read?
>
> p
>
> ----- Original Message -----
>
> > From: "Julian Field" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 10:00:13 AM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > It's talking about the attachment in the message, not the message
> > body+headers itself.
> >
> > Do a "file" on msg-16388-1.txt (not a "file -i").
> >
> > On 06/07/2010 16:43, Peter Ong wrote:
> > > Hello Everyone,
> > >
> > > I really need help on this filetype issue.
> > >
> > > First, when I scan the original message it shows as "data", and
> when
> > I scan the mime version, it shows as "text/x-mail; charset=unknown".
> > >
> > > I keep getting this message even after I have edited the
> > filetype.conf.rules file:
> > > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > > MailScanner: No programs allowed (msg-16388-1.txt)
> > >
> > >
> > > Proof:
> > > [ 64BCE572B7.A0F44]# file 64BCE572B7
> > > 64BCE572B7: data
> > >
> > > [ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
> > > msg-16388-1.txt: text/x-mail; charset=unknown
> > >
> > > HELP!!! What can I do? Thank you in advance.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > These are the contents of my filetype.conf.rules file:
> > >
> > >
> > >
> > > allow - text - -
> > > allow - text - -
> > > allow - text/x-mail - -
> > > allow - text/plain - -
> > > allow - message/rfc822 - -
> > > allow - text/x-mail - -
> > > allow - text/x-mail; charset=unknown -
> > -<<<<<<<<<<<<<<< I added this
> > > allow - text/plain - -
> > > allow - text/plain; charset=unknown - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow - text/plain; charset=utf-8 - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow text text/x-mail - -
> > > allow text text/plain - -
> > > allow text message/rfc822 - -
> > > allow data text/x-mail; charset=unknown -
> > -<<<<<<<<<<<<<< I added this
> > > allow data text/x-mail - -
> > > allow data text/plain - -
> > > allow data text/plain; charset=unknown - -
> > > allow data text/plain; charset=iso-8859-1 - -
> > > allow data text/plain; charset=utf-8 - -
> > > allow RFC 822 mail text text/plain; charset=iso-8859-1 -
> > -
> > >
> > > allow text - -
> > > allow data - -
> > > allow \bscript - -
> > > allow archive - -
> > > allow postscript - -
> > > deny self-extract No self-extracting archives No
> > self-extracting archives allowed
> > > deny executable No executables No executables
> > allowed<<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > > #EXAMPLE: deny - x-do****ec No DOS executables No
> > DOS programs allowed
> > > deny - x-do****ec No DOS executables No DOS
> > programs allowed
> > > deny ELF No executables No programs
> allowed
> > > deny Registry No Windows Registry entries No Windows
> > Registry files allowed
> > >
> > > #deny MPEG No MPEG movies No MPEG movies
> > allowed
> > > #deny AVI No AVI movies No AVI movies
> > allowed
> > > #deny MNG No MNG/PNG movies No MNG movies
> > allowed
> > > #deny QuickTime No QuickTime movies No QuickTime
> movies
> > allowed
> > > #deny ASF No Windows media No Windows media
> > files allowed
> > > #deny metafont No Windows Metafont drawings No WMF
> > drawings allowed
> > >
> >
> > Jules
> >
> > --
> > Julian Field MEng CITP CEng
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > Need help customising MailScanner?
> > Contact me!
> > Need help fixing or optimising your systems?
> > Contact me!
> > Need help getting you started solving new requirements from your
> > boss?
> > Contact me!
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > --
> > MailScanner mailing list
> >
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
Le 2010-07-06 15:14, Peter Ong a écrit :
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
----- Original Message -----
> From: "Denis Beauchemin" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 12:57:49 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Le 2010-07-06 15:14, Peter Ong a écrit :
> > I hate to keep beating a dead horse, but would anyone else have any
> ideas? This problem is a serious interruption in our day to day
> communications.
> >
> > p
> >
> > ----- Original Message -----
> >
> >> From: "Peter Ong"<>
> >> To: "MailScanner discussion"<>
> >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> >> Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >>
> >> I am thoroughly confused.
> >>
> >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> >>
> >> It is not getting caught on this line in the logs... it clearly
> says
> >> "No programs allowed".
> >>
> >> Is there documentation somewhere I'm neglecting to read?
> >>
> >> p
>
> Peter,
>
> A "DOS executable" is a program. Thus the warning is telling the
> truth.
>
> Denis
>
> --
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
What if I wanted to get commercial support? Would they be able to solve this?
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 1:13:07 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Sorry guys...
>
> The DOS warning is correct -- from the file command. The problem is
> that isn't the line where the message fails in the
> filetype.conf.rules. It fails on
> deny executable No executables No executables
> allowed
>
> There are two lines that shows "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS
> programs allowed
>
> But clearly based on my repeatable error messages, it fails not on
> this line, but "No exetables allowed". There is no attachment. It
> simply contains japanese characters.
>
> The documentation on the top of the file said that I can have an
> optional third field which I have filled out, but there doesn't seem
> to be a known established way of filling it out. Our operation is
> being severely affected by this, and I don't know what else to do.
>
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
> > From: "Denis Beauchemin" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 12:57:49 PM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > Le 2010-07-06 15:14, Peter Ong a écrit :
> > > I hate to keep beating a dead horse, but would anyone else have
> any
> > ideas? This problem is a serious interruption in our day to day
> > communications.
> > >
> > > p
> > >
> > > ----- Original Message -----
> > >
> > >> From: "Peter Ong"<>
> > >> To: "MailScanner discussion"<>
> > >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> > >> Subject: Re: FileType rules show executable even though file
> shows
> > data -- Please help fix.
> > >>
> > >> I am thoroughly confused.
> > >>
> > >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable
> (COM)
> > >>
> > >> It is not getting caught on this line in the logs... it clearly
> > says
> > >> "No programs allowed".
> > >>
> > >> Is there documentation somewhere I'm neglecting to read?
> > >>
> > >> p
> >
> > Peter,
> >
> > A "DOS executable" is a program. Thus the warning is telling the
> > truth.
> >
> > Denis
> >
> > --
> > Denis Beauchemin, analyste
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x62252 F: 819.821.8045
> >
> > --
> > MailScanner mailing list
> >
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
> > From: "Denis Beauchemin" <>
> > To: "MailScanner discussion" <>
> > Sent: Tuesday, July 6, 2010 12:57:49 PM
> > Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
> >
> > Le 2010-07-06 15:14, Peter Ong a écrit :
> > > I hate to keep beating a dead horse, but would anyone else have any
> > ideas? This problem is a serious interruption in our day to day
> > communications.
> > >
> > > p
> > >
> > > ----- Original Message -----
> > >
> > >> From: "Peter Ong"<>
> > >> To: "MailScanner discussion"<>
> > >> Sent: Tuesday, July 6, 2010 11:05:17 AM
> > >> Subject: Re: FileType rules show executable even though file shows
> > data -- Please help fix.
> > >>
> > >> I am thoroughly confused.
> > >>
> > >> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
> > >>
> > >> It is not getting caught on this line in the logs... it clearly
> > says
> > >> "No programs allowed".
> > >>
> > >> Is there documentation somewhere I'm neglecting to read?
> > >>
> > >> p
> >
> > Peter,
> >
> > A "DOS executable" is a program. Thus the warning is telling the
> > truth.
> >
> > Denis
> >
> > --
> > Denis Beauchemin, analyste
> > Université de Sherbrooke, S.T.I.
> > T: 819.821.8000x62252 F: 819.821.8045
> >
> > --
> > MailScanner mailing list
> >
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
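A small model of the rule matching described in the reply above, as an added example that is not MailScanner's code and not part of any post in this thread. It parses tab-delimited 4-field and 5-field rules, matches them against the `file` output and MIME type reported earlier, and compares a "first match" verdict with an "any matching deny wins" reading of "all match". Assumptions: a `-` pattern field means "not used", a rule that sets both patterns needs both to match, and matching is a case-sensitive regexp search.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a subset of the rules posted in this thread, re-typed with
# tab separators (the reply above says the fields are tab delimited).
SAMPLE_RULES = (
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\ttext\t-\t-\n"
    "allow\tdata\t-\t-\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "deny\tELF\tNo executables\tNo programs allowed\n"
)
# Values reported in the thread for msg-16388-1.txt.
FILE_OUTPUT = "DOS executable (COM)"           # output of "file"
MIME_TYPE = "text/x-mail; charset=unknown"     # output of "file -i"


class Rule(NamedTuple):
    action: str                # "allow" or "deny"
    file_re: Optional[str]     # matched against "file" output, None if unused
    mime_re: Optional[str]     # matched against the MIME type, None if unused
    log_text: str
    user_text: str


def parse_rules(text: str) -> List[Rule]:
    """Parse tab-delimited rules: 4 fields, or 5 when a MIME pattern is given."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) == 4:
            action, file_re, log_text, user_text = fields
            mime_re = None
        elif len(fields) == 5:
            action, file_re, mime_re, log_text, user_text = fields
        else:
            raise ValueError(f"expected 4 or 5 tab-separated fields: {raw!r}")
        # Assumption: "-" in a pattern field means that pattern is not used.
        file_re = None if file_re == "-" else file_re
        mime_re = None if mime_re in (None, "-") else mime_re
        rules.append(Rule(action.lower(), file_re, mime_re, log_text, user_text))
    return rules


def rule_matches(rule: Rule, file_output: str, mime_type: str) -> bool:
    """Substring-style regexp match; a rule with no pattern matches nothing."""
    if rule.file_re is None and rule.mime_re is None:
        return False
    # Assumption: when both patterns are set, both must match.
    if rule.file_re is not None and not re.search(rule.file_re, file_output):
        return False
    if rule.mime_re is not None and not re.search(rule.mime_re, mime_type):
        return False
    return True


def matching_rules(rules: List[Rule], file_output: str, mime_type: str) -> List[Rule]:
    """Every rule that matches, in file order (useful for tracing a verdict)."""
    return [r for r in rules if rule_matches(r, file_output, mime_type)]


def first_match(rules: List[Rule], file_output: str, mime_type: str) -> Optional[Rule]:
    """'First match' reading: the earliest matching rule decides."""
    hits = matching_rules(rules, file_output, mime_type)
    return hits[0] if hits else None


def any_deny(rules: List[Rule], file_output: str, mime_type: str) -> Optional[Rule]:
    """'All match' reading (assumed here): any matching deny rule blocks."""
    for rule in matching_rules(rules, file_output, mime_type):
        if rule.action == "deny":
            return rule
    return None


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for hit in matching_rules(parsed, FILE_OUTPUT, MIME_TYPE):
        print("matched:", hit)
    print("first match :", first_match(parsed, FILE_OUTPUT, MIME_TYPE).action)
    blocker = any_deny(parsed, FILE_OUTPUT, MIME_TYPE)
    print("any deny    :", blocker.user_text if blocker else "allowed")
```

Under the first-match reading the earlier `allow - text/x-mail` rule would let the message through; under the any-deny reading the `deny executable` rule still blocks it, which is the behaviour reported in this thread.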
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
On 06/07/2010 21:13, Peter Ong wrote:
> Sorry guys...
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
>
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
>
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
>
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
>
> I could really use help here.
>
> p
>
>
> ----- Original Message -----
>
>
>> From: "Denis Beauchemin"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 12:57:49 PM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> Le 2010-07-06 15:14, Peter Ong a écrit :
>>
>>> I hate to keep beating a dead horse, but would anyone else have any
>>>
>> ideas? This problem is a serious interruption in our day to day
>> communications.
>>
>>> p
>>>
>>> ----- Original Message -----
>>>
>>>
>>>> From: "Peter Ong"<>
>>>> To: "MailScanner discussion"<>
>>>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>>>> Subject: Re: FileType rules show executable even though file shows
>>>>
>> data -- Please help fix.
>>
>>>> I am thoroughly confused.
>>>>
>>>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>>>
>>>> It is not getting caught on this line in the logs... it clearly
>>>>
>> says
>>
>>>> "No programs allowed".
>>>>
>>>> Is there documentation somewhere I'm neglecting to read?
>>>>
>>>> p
>>>>
>> Peter,
>>
>> A "DOS executable" is a program. Thus the warning is telling the
>> truth.
>>
>> Denis
>>
>> --
>> Denis Beauchemin, analyste
>> Université de Sherbrooke, S.T.I.
>> T: 819.821.8000x62252 F: 819.821.8045
>>
>> --
>> MailScanner mailing list
>>
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt" is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that shows "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
Can you please explain what you mean by this?
p
Thanks Jules. Will do that, and I'll explain some more.
p
----- Original Message -----
> From: "Jules Field" <>
> To: "MailScanner discussion" <>
> Sent: Wednesday, July 7, 2010 1:37:08 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> Please can you zip up the original raw queue message file and mail it
> to
> me off-list.
>
> Jules.
>
> On 06/07/2010 21:13, Peter Ong wrote:
> > Sorry guys...
> >
> > The DOS warning is correct -- from the file command. The problem is
> that isn't the line where the message fails in the
> filetype.conf.rules. It fails on
> > deny executable No executables No executables
> allowed
> >
> > There are two lines that shows "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
> >
> > But clearly based on my repeatable error messages, it fails not on
> this line, but "No exetables allowed". There is no attachment. It
> simply contains japanese characters.
> >
> > The documentation on the top of the file said that I can have an
> optional third field which I have filled out, but there doesn't seem
> to be a known established way of filling it out. Our operation is
> being severely affected by this, and I don't know what else to do.
> >
> > I could really use help here.
> >
> > p
> >
> >
> > ----- Original Message -----
> >
> >
> >> From: "Denis Beauchemin"<>
> >> To: "MailScanner discussion"<>
> >> Sent: Tuesday, July 6, 2010 12:57:49 PM
> >> Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >>
> >> Le 2010-07-06 15:14, Peter Ong a écrit :
> >>
> >>> I hate to keep beating a dead horse, but would anyone else have
> any
> >>>
> >> ideas? This problem is a serious interruption in our day to day
> >> communications.
> >>
> >>> p
> >>>
> >>> ----- Original Message -----
> >>>
> >>>
> >>>> From: "Peter Ong"<>
> >>>> To: "MailScanner discussion"<>
> >>>> Sent: Tuesday, July 6, 2010 11:05:17 AM
> >>>> Subject: Re: FileType rules show executable even though file
> shows
> >>>>
> >> data -- Please help fix.
> >>
> >>>> I am thoroughly confused.
> >>>>
> >>>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable
> (COM)
> >>>>
> >>>> It is not getting caught on this line in the logs... it clearly
> >>>>
> >> says
> >>
> >>>> "No programs allowed".
> >>>>
> >>>> Is there documentation somewhere I'm neglecting to read?
> >>>>
> >>>> p
> >>>>
> >> Peter,
> >>
> >> A "DOS executable" is a program. Thus the warning is telling the
> >> truth.
> >>
> >> Denis
> >>
> >> --
> >> Denis Beauchemin, analyste
> >> Université de Sherbrooke, S.T.I.
> >> T: 819.821.8000x62252 F: 819.821.8045
> >>
> >> --
> >> MailScanner mailing list
> >>
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Hi Mark,
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
What do you mean by this? Does it go down the lines and stop at the first match or does it behave differently? Do both 2/5 or 2/4 and 3/5 (fields) have to be filled out or only one? If it's regex, do I have to escape the spaces so string1\ string2 and so on?
p
On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> Hi Mark,
>
> Thanks for that. Help me clarify a few things:
>
> > As it should because the output of "file msg-16388-1.txt: is
> > "DOS executable (COM)" and that is matched by the regexp "executable"
> > in the rule.
>
> I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
I don't know for sure. I'm going for regexp because that's what it says
at the top of the file, but regexp or "substring match" would give the
same result in this case with no "pattern characters". It seems clear
it's not an "exact full string" match in any case.
> > > There are two lines that shows "No programs allowed", but I changed
> > one to say "No executables allowed" so depending on the error message
> > I know that it failed on one of them, and it does fail on the "No
> > executables" line.
> > >
> > > I only ran file on the msg file because Julian suggested it, and for
> > everyone's edification, I posted the result here. The fact that the
> > file command shows DOS executable (COM) should trigger the correct
> > line in the error message which is:
> > >
> > > deny - x-do****ec No DOS executables No DOS
> > programs allowed
>
> I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
> deny executable No executables No executables allowed
>
> This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
Right, and that's the rule you said matched and it matches because "file"
says "DOS executable (COM)" which is matched by "executable".
> > The hyphen in the above rule makes it a "5 field" rule in which case,
> > the third field is matched against the mime type (output of file -i)
> > which in this case is "text/x-mail" so no match.
>
> Can someone explain how these fields work? The instructions on top of the file are too terse for me.
>
> The second of five field is for the result of the "file" command, and the third of five field is for the output of "file -i". Do both fields have to be filled out or just one?
I think that's not quite right. I *think* if you want to match against
the "file" output, you use a four field rule and the second field is the
match, and if you want to match "file -i", you use a five field rule and
the third field is the match. In the latter case, in the example, the
second field is a "-" because, I think, it is ignored. Clearly the two
field matches are not anded because the hyphen in the example wouldn't
match and the rule wouldn't match. I don't think they are ored either,
I *think* in a five field rule the second field is merely a placeholder
to make five fields and is ignored.
> Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I don't really know the answer to that.
> I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
That's not the way it works in my quarantine. In mine, for messages with
content issues I have a directory under the date directory named, e.g.
"BB7596900BE.A6E7E", and under that there is a file named "message" which
contains the entire raw message. This is not examined by either "file" or
"file -i" because they just say "RFC 822 mail text" and "message/rfc822"
respectively. Also under the "queue id + entropy" directory are one or
more files, such as your msg-1234-1.txt file which are the contents of
the message body and/or multiple MIME message parts. It is these message
parts which are examined by "file" and/or "file -i".
> > I think the reason your "allow - text/x-mail - -" rules don't work is
> > that
> > FileType Rules is an "all match" ruleset and not a "first match"
> > ruleset.
>
> Can you please explain what you mean by this?
I did explain this somewhat in another reply, but basically, in this
context, I think if any Deny rule matches, the message will be denied
even if Allow rules that match precede or follow the matching Deny
rule.
--
San Francisco Bay Area, California better use your sense - B. Dylan
Hey Mark,
So much of the time, I'm playing catch up as I quell fires and I miss the little details. Thanks for the edifying replies. Last night, I actually had some quiet time to read through the links you posted, and now I understand better. Although, I do not understand what "All Match" means and how it applies or behaves in the case of the filetype rules file.
Initially, I thought it went down the line and stopped at the first match as described in "First Match", but the documentation clearly says otherwise. Also, based on the other replies, I had the mechanics of scanning all wrong; I learned that the msg-1234-1.txt is scanned by file and file -i. Now I just don't know how that, the All Match behavior, and whether one field is ignored or both are accepted or if the third of five is filled whether second of five is required, etc. You've alluded to this already, but there was behavior last week that keeps me confused. I'll experiment more today.
I emailed Jules the original as he had requested. Maybe he will have something about it today.
p
----- Original Message -----
> Sent: Wednesday, July 7, 2010 4:41:40 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
Hello Everyone,
I searched through my entire quarantine folder and grep'd for files named in this format msg-12341-1.txt. I scanned them with file and file -i. The following are the results.
I entered them into my filetype.conf.rules and it seems to work.
allow ASCII English text, with escape sequences text/plain; charset=us-ascii - -
allow ASCII text text/plain; charset=us-ascii - -
allow DOS executable text/plain; charset=iso-8859-1 - -
allow DOS executable text/plain; charset=unknown - -
allow DOS executable text/plain; charset=utf-8 - -
allow DOS executable text/x-mail; charset=unknown - -
allow DOS executable text/x-mail; charset=utf-8 - -
allow HTML document text text/html - -
allow UTF-8 Unicode English text text/plain; charset=utf-8 - -
I tested that I'm not inadvertently letting DOS executables through, and they remain blocked. It appears that when both 2/5 and 3/5 are true, they are a match and thus allowed through. If someone could verify that would be nice.
In the time when I didn't have a solution, I changed the /usr/bin/file to /usr/bin/file -i just to alleviate the problem. But I think this one solves it, but I don't know whether this is the right way to do it.
I have prepended to my filetype.rules.conf.
p
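Added example (not part of the original posts, and not MailScanner's own code): a small Python model that tests the readings of the rules file discussed in this thread against the three behaviours reported in it. Assumptions: fields are tab-separated, patterns are unanchored regular expressions, a part that matches no rule is allowed, and the MIME type used for a genuine binary is a constructed sample value.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "action file_pat mime_pat log")

# Subset of the rules quoted in the thread. Assumption: fields are separated
# by tabs (the archive flattened the original whitespace).
ORIGINAL_RULES = (
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\t-\ttext/x-mail; charset=unknown\t-\t-\n"
    "allow\ttext\ttext/x-mail\t-\t-\n"
    "allow\tdata\ttext/x-mail; charset=unknown\t-\t-\n"
    "allow\ttext\t-\t-\n"
    "allow\tdata\t-\t-\n"
    "deny\tself-extract\tNo self-extracting archives\tNo self-extracting archives allowed\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
)
# Two of the rules reported as prepended to the file later in the thread.
PREPENDED_RULES = (
    "allow\tDOS executable\ttext/x-mail; charset=unknown\t-\t-\n"
    "allow\tDOS executable\ttext/plain; charset=utf-8\t-\t-\n"
)

# (output of "file", output of "file -i") for one message part.
TEXT_PART = ("DOS executable (COM)", "text/x-mail; charset=unknown")  # from the thread
REAL_BINARY = ("DOS executable (COM)", "application/octet-stream")    # MIME value constructed


def parse_rules(text):
    """Parse 4-field and 5-field rule lines into Rule tuples."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) == 4:      # action, file pattern, log text, report text
            action, file_pat, log, _ = fields
            mime_pat = None
        elif len(fields) == 5:    # action, file pattern, MIME pattern, log, report
            action, file_pat, mime_pat, log, _ = fields
        else:
            raise ValueError("expected 4 or 5 tab-separated fields: %r" % line)
        rules.append(Rule(action, file_pat, mime_pat, log))
    return rules


def match_field3_only(rule, file_out, mime_out):
    """Reading A: a 5-field rule tests only field 3; field 2 is a placeholder."""
    if rule.mime_pat is None:
        return re.search(rule.file_pat, file_out) is not None
    return re.search(rule.mime_pat, mime_out) is not None


def match_both(rule, file_out, mime_out):
    """Reading B: a 5-field rule needs fields 2 and 3 to match ('-' is literal)."""
    if re.search(rule.file_pat, file_out) is None:
        return False
    return rule.mime_pat is None or re.search(rule.mime_pat, mime_out) is not None


def first_match(rules, matcher, file_out, mime_out):
    """The first matching rule decides the outcome."""
    for rule in rules:
        if matcher(rule, file_out, mime_out):
            return rule.action
    return "allow"


def any_deny(rules, matcher, file_out, mime_out):
    """'All match': any matching deny rule wins, wherever it sits."""
    hit = any(r.action == "deny" and matcher(r, file_out, mime_out) for r in rules)
    return "deny" if hit else "allow"


POLICIES = {"first match": first_match, "any deny wins": any_deny}
MATCHERS = {"field 2 ignored in 5-field rules": match_field3_only,
            "fields 2 and 3 both tested": match_both}


def observations():
    """(ruleset, part, reported outcome) triples taken from the thread."""
    original = parse_rules(ORIGINAL_RULES)
    fixed = parse_rules(PREPENDED_RULES + ORIGINAL_RULES)
    return [(original, TEXT_PART, "deny"),    # "No executables allowed"
            (fixed, TEXT_PART, "allow"),      # prepended rules "seem to work"
            (fixed, REAL_BINARY, "deny")]     # executables "remain blocked"


def consistent_readings():
    """Return the policy/matcher combinations that reproduce every report."""
    good = []
    for pname, policy in POLICIES.items():
        for mname, matcher in MATCHERS.items():
            if all(policy(rules, matcher, *part) == want
                   for rules, part, want in observations()):
                good.append(pname + ", " + mname)
    return good


if __name__ == "__main__":
    print(consistent_readings())
```

Under these assumptions only the "first match, fields 2 and 3 both tested" combination reproduces all three reports; this is a consistency check on the thread's observations, not a reading of MailScanner's source.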
Hello,
Lately I configured postfix and mailscanner. Just to test, I am trying to
send test email messages, but they didn't go through. Anyone, please look into
this. Thanks in advance.
I found below entries in my /var/log/maillog
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at
/var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message CF55D322807A.A1FD1 has
had TNEF winmail.dat removed
Regards,
__________________
Mohammed Ejaz
Sr,Systems Administrator
Middle East Internet Company (CYBERIA)
Riyadh, Saudi Arabia
Phone: +966-1-4647114 Ext: 140
Mobile +966-562311787
Fax: +966-1-4654735
E-mail:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_____
Sent: Monday, February 07, 2011 10:12 PM
Subject: please help
|
# 19

07-02-2011 07:20 PM
|
|
|
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
That message msg-16388-1.txt is the message itself.
p
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
>
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-dosexec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
----- Original Message -----
> From: "Denis Beauchemin" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 12:57:49 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
What if I wanted to get commercial support? Would they be able to solve this?
p
----- Original Message -----
> From: "Peter Ong" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 1:13:07 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-dosexec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
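The rule reading given in the reply above (four tab-delimited fields: field 2 is a regexp tried against the "file" output; five fields: field 3 is a regexp tried against the MIME type from "file -i", field 2 being a placeholder), worked through as an added example that is not MailScanner's code and not part of the original post. The rule lines are constructed from lines quoted in the thread, the function names are illustrative, and treating "all match" as "any matching deny wins" is an assumption made here for comparison with "first match".

```python
import re
from dataclasses import dataclass


@dataclass
class Rule:
    lineno: int
    action: str   # "allow" or "deny" (the only actions used in the thread)
    target: str   # "file" = output of `file`, "mime" = output of `file -i`
    pattern: str  # regexp taken from the rule line
    report: str   # text shown to the user (last field)


def parse_rules(text):
    """Split each rule line on tabs; return (rules, problems)."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = [f.strip() for f in re.split(r"\t+", stripped)]
        if len(fields) == 4:    # action, file regexp, log text, user text
            action, pattern, target = fields[0], fields[1], "file"
        elif len(fields) == 5:  # action, placeholder, MIME regexp, log, user
            action, pattern, target = fields[0], fields[2], "mime"
        else:
            problems.append(
                (lineno, "%d tab-delimited field(s), need 4 or 5" % len(fields)))
            continue
        if action not in ("allow", "deny"):
            problems.append((lineno, "unknown action %r" % action))
            continue
        try:
            re.compile(pattern)
        except re.error as exc:
            problems.append((lineno, "bad regexp: %s" % exc))
            continue
        rules.append(Rule(lineno, action, target, pattern, fields[-1]))
    return rules, problems


def matching_rules(rules, file_output, mime_type):
    """Every rule whose regexp is found in the text it is compared against."""
    subject = {"file": file_output, "mime": mime_type}
    return [r for r in rules if re.search(r.pattern, subject[r.target])]


def first_match_verdict(matches):
    """'First match' reading: the earliest matching rule decides."""
    return matches[0].action if matches else None


def any_deny_verdict(matches):
    """Assumed 'all match' reading: any matching deny rule wins."""
    if not matches:
        return None
    return "deny" if any(r.action == "deny" for r in matches) else "allow"


# Constructed sample: rule lines from the thread, rewritten with real tabs.
# The last line uses spaces instead of tabs to show how it fails to parse.
SAMPLE_RULES = (
    "# constructed sample, fields separated by tabs\n"
    "allow\t-\ttext/x-mail\t-\t-\n"
    "allow\ttext\t-\t-\n"
    "allow\tdata\t-\t-\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "deny\t-\tx-dosexec\tNo DOS executables\tNo DOS programs allowed\n"
    "allow data text/x-mail - -\n"
)
FILE_OUTPUT = "DOS executable (COM)"          # `file msg-16388-1.txt`
MIME_TYPE = "text/x-mail; charset=unknown"    # `file -i msg-16388-1.txt`

if __name__ == "__main__":
    rules, problems = parse_rules(SAMPLE_RULES)
    for lineno, why in problems:
        print("line %d ignored: %s" % (lineno, why))
    hits = matching_rules(rules, FILE_OUTPUT, MIME_TYPE)
    for r in hits:
        print("line %d matches on %s: %s /%s/" % (r.lineno, r.target, r.action, r.pattern))
    print("first match :", first_match_verdict(hits))
    print("any deny    :", any_deny_verdict(hits))
```

With these inputs the MIME allow rule and the "executable" deny rule both match, so the two readings disagree: first match would allow the part, while the any-deny reading reproduces the "No executables allowed" result reported in the thread.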
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt" is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that show "No programs allowed", but I changed
> > one to say "No executables allowed" so depending on the error message
> > I know that it failed on one of them, and it does fail on the "No
> > executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> > everyone's edification, I posted the result here. The fact that the
> > file command shows DOS executable (COM) should trigger the correct
> > line in the error message which is:
> >
> > deny - x-dosexec No DOS executables No DOS programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is that
> FileType Rules is an "all match" ruleset and not a "first match" ruleset.
Can you please explain what you mean by this?
p
Thanks Jules. Will do that, and I'll explain some more.
p
----- Original Message -----
> From: "Jules Field" <>
> To: "MailScanner discussion" <>
> Sent: Wednesday, July 7, 2010 1:37:08 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
Hi Mark,
> I think the reason your "allow - text/x-mail - -" rules don't work is that
> FileType Rules is an "all match" ruleset and not a "first match" ruleset.
What do you mean by this? Does it go down the lines and stop at the first match or does it behave differently? Do both 2/5 or 2/4 and 3/5 (fields) have to be filled out or only one? If it's regex, do I have to escape the spaces so string1\ string2 and so on?
p
On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> Hi Mark,
>
> Thanks for that. Help me clarify a few things:
>
> > As it should because the output of "file msg-16388-1.txt" is
> > "DOS executable (COM)" and that is matched by the regexp "executable"
> > in the rule.
>
> I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
I don't know for sure. I'm going for regexp because that's what it says
at the top of the file, but regexp or "substring match" would give the
same result in this case with no "pattern characters". It seems clear
it's not an "exact full string" match in any case.
> > > There are two lines that show "No programs allowed", but I changed
> > > one to say "No executables allowed" so depending on the error message
> > > I know that it failed on one of them, and it does fail on the "No
> > > executables" line.
> > >
> > > I only ran file on the msg file because Julian suggested it, and for
> > > everyone's edification, I posted the result here. The fact that the
> > > file command shows DOS executable (COM) should trigger the correct
> > > line in the error message which is:
> > >
> > > deny - x-dosexec No DOS executables No DOS programs allowed
>
> I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
> deny executable No executables No executables allowed
>
> This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
Right, and that's the rule you said matched and it matches because "file"
says "DOS executable (COM)" which is matched by "executable".
> > The hyphen in the above rule makes it a "5 field" rule in which case,
> > the third field is matched against the mime type (output of file -i)
> > which in this case is "text/x-mail" so no match.
>
> Can someone explain how these fields work? The instructions on top of the file are too terse for me.
>
> The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one?
I think that's not quite right. I *think* if you want to match against
the "file" output, you use a four field rule and the second field is the
match, and if you want to match "file -i", you use a five field rule and
the third field is the match. In the latter case, in the example, the
second field is a "-" because, I think, it is ignored. Clearly the two
field matches are not anded because the hyphen in the example wouldn't
match and the rule wouldn't match. I don't think they are ored either,
I *think* in a five field rule the second field is merely a placeholder
to make five fields and is ignored.
> Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I don't really know the answer to that.
> I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
That's not the way it works in my quarantine. In mine, for messages with
content issues I have a directory under the date directory named, e.g.
"BB7596900BE.A6E7E", and under that there is a file named "message" which
contains the entire raw message. This is not examined by either "file" or
"file -i" because they just say "RFC 822 mail text" and "message/rfc822"
respectively. Also under the "queue id + entropy" directory are one or
more files, such as your msg-1234-1.txt file which are the contents of
the message body and/or multiple MIME message parts. It is these message
parts which are examined by "file" and/or "file -i".
> > I think the reason your "allow - text/x-mail - -" rules don't work is
> > that
> > FileType Rules is an "all match" ruleset and not a "first match"
> > ruleset.
>
> Can you please explain what you mean by this?
I did explain this somewhat in another reply, but basically, in this
context, I think if any Deny rule matches, the message will be denied
even if Allow rules that match precede or follow the matching Deny
rule.
--
San Francisco Bay Area, California better use your sense - B. Dylan
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Hey Mark,
So much of the time, I'm playing catch up as I quell fires and I miss the little details. Thanks for the edifying replies. Last night, I actually had some quiet time to read through the links you posted, and now I understand better. Although, I do not understand what "All Match" means and how it applies or behaves in the case of the filetype rules file.
Initially, I thought it went down the line and stopped at the first match as described in "First Match", but the documentation clearly says otherwise. Also, based on the other replies, I had the mechanics of scanning all wrong; I learned that the msg-1234-1.txt is scanned by file and file -i. Now I just don't know how that, the All Match behavior, and whether one field is ignored or both are accepted or if the third of five is filled whether second of five is required, etc. You've alluded to this already, but there was behavior last week that keeps me confused. I'll experiment more today.
I emailed Jules the original as he had requested. Maybe he will have something about it today.
p
----- Original Message -----
> Sent: Wednesday, July 7, 2010 4:41:40 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> > Hi Mark,
> >
> > Thanks for that. Help me clarify a few things:
> >
> > > As it should because the output of "file msg-16388-1.txt: is
> > > "DOS executable (COM)" and that is matched by the regexp
> "executable"
> > > in the rule.
Hello Everyone,
I searched through my entire quarantine folder and grep'd for files named in this format msg-12341-1.txt. I scanned them with file and file -i. The following are the results.
I entered them into my filetype.conf.rules and it seems to work.
allow ASCII English text, with escape sequences text/plain; charset=us-ascii - -
allow ASCII text text/plain; charset=us-ascii - -
allow DOS executable text/plain; charset=iso-8859-1 - -
allow DOS executable text/plain; charset=unknown - -
allow DOS executable text/plain; charset=utf-8 - -
allow DOS executable text/x-mail; charset=unknown - -
allow DOS executable text/x-mail; charset=utf-8 - -
allow HTML document text text/html - -
allow UTF-8 Unicode English text text/plain; charset=utf-8 - -
I tested that I'm not inadvertently letting DOS executables through, and they remain blocked. It appears that when both 2/5 and 3/5 are true, they are a match and thus allowed through. If someone could verify that would be nice.
In the time when I didn't have a solution, I changed the /usr/bin/file to /usr/bin/file -i just to alleviate the problem. But I think this one solves it, but I don't know whether this is the right way to do it.
I have prepended to my filetype.rules.conf.
p
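The survey described in the post above (running "file" and "file -i" over every msg-*.txt part in the quarantine) can be scripted. This is an added example, not part of the original thread and not MailScanner code; the function names and the FILE_CMD override are assumptions of this sketch, and the quarantine directory is passed as an argument.

```shell
#!/bin/sh
# Added example: survey how "file" and "file -i" classify quarantined message parts.
# Not MailScanner code. FILE_CMD and the function names are assumptions of this sketch.

FILE_CMD=${FILE_CMD:-file}   # classifier to run; override to test without real samples
TAB=$(printf '\t')

# classify_part PATH
# Prints "<file -b output><TAB><file -b -i output>" for one message part.
classify_part() {
    cp_desc=$($FILE_CMD -b "$1")
    cp_mime=$($FILE_CMD -b -i "$1")
    printf '%s\t%s\n' "$cp_desc" "$cp_mime"
}

# list_parts DIR
# Message parts are stored as msg-<n>-<n>.txt under <date>/<queue id>/ in the
# quarantine, next to the raw "message" file, which is skipped here.
list_parts() {
    find "$1" -type f -name 'msg-*.txt' | sort
}

# survey_quarantine DIR
# One line per distinct classification: "<count><TAB><description><TAB><mime>",
# most frequent first.
survey_quarantine() {
    list_parts "$1" | while IFS= read -r part; do
        classify_part "$part"
    done |
    awk '{ seen[$0]++ } END { for (k in seen) printf "%d\t%s\n", seen[k], k }' |
    sort -t "$TAB" -k1,1nr -k2
}

# conflicting_parts DIR
# Paths whose description contains "executable" while the MIME type is text/*,
# which is the combination reported for msg-16388-1.txt in this thread.
conflicting_parts() {
    list_parts "$1" | while IFS= read -r part; do
        pair=$(classify_part "$part")
        desc=${pair%%"$TAB"*}
        mime=${pair#*"$TAB"}
        case $desc in
            *executable*)
                case $mime in
                    text/*) printf '%s\n' "$part" ;;
                esac
                ;;
        esac
    done
}

# Usage: sh survey.sh /path/to/quarantine
if [ "$#" -ge 1 ]; then
    survey_quarantine "$1"
    echo "--- described as executable but typed as text/*:"
    conflicting_parts "$1"
fi
```

The script only reports what the two "file" invocations say about each part; it does not model how MailScanner evaluates the rules file.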
Hello,
Lately I configured postfix and mailscanner. Just to test, I am trying to
send test email messages, but they didn't go through. Anyone, please look into
this. Thanks in advance.
I found the below entries in my /var/log/maillog:
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at
/var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message CF55D322807A.A1FD1 has
had TNEF winmail.dat removed
Regards,
__________________
Mohammed Ejaz
Sr,Systems Administrator
Middle East Internet Company (CYBERIA)
Riyadh, Saudi Arabia
Phone: +966-1-4647114 Ext: 140
Mobile +966-562311787
Fax: +966-1-4654735
E-mail:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_____
Sent: Monday, February 07, 2011 10:12 PM
Subject: please help
On 07/02/2011 19:12, Ejaz wrote:
>
> ------------------------------------------------------------------------
___________________________________________________
Posted on the MailScanner mailing list. Go to http://lists.mailscanner.info/mailman/listinfo/mailscanner to subscribe.
|
# 20

07-02-2011 07:26 PM
|
|
|
Hello Everyone,
I really need help on this filetype issue.
First, when I scan the original message it shows as "data", and when I scan the mime version, it shows as "text/x-mail; charset=unknown".
I keep getting this message even after I have edited the filetype.conf.rules file:
At Tue Jul 6 08:29:47 2010 the virus scanner said:
MailScanner: No programs allowed (msg-16388-1.txt)
Proof:
[ 64BCE572B7.A0F44]# file 64BCE572B7
64BCE572B7: data
[ 64BCE572B7.A0F44]# file -i msg-16388-1.txt
msg-16388-1.txt: text/x-mail; charset=unknown
HELP!!! What can I do? Thank you in advance.
These are the contents of my filetype.conf.rules file:
allow - text - -
allow - text - -
allow - text/x-mail - -
allow - text/plain - -
allow - message/rfc822 - -
allow - text/x-mail - -
allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
allow - text/plain - -
allow - text/plain; charset=unknown - -
allow - text/plain; charset=iso-8859-1 - -
allow - text/plain; charset=utf-8 - -
allow - text/plain; charset=iso-8859-1 - -
allow text text/x-mail - -
allow text text/plain - -
allow text message/rfc822 - -
allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
allow data text/x-mail - -
allow data text/plain - -
allow data text/plain; charset=unknown - -
allow data text/plain; charset=iso-8859-1 - -
allow data text/plain; charset=utf-8 - -
allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
allow text - -
allow data - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
#EXAMPLE: deny - x-do****ec No DOS executables No DOS programs allowed
deny - x-do****ec No DOS executables No DOS programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed
#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed
But there is no attachment.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
That message msg-16388-1.txt is the message itself.
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
I am thoroughly confused.
./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
It is not getting caught on this line in the logs... it clearly says "No programs allowed".
Is there documentation somewhere I'm neglecting to read?
p
----- Original Message -----
> From: "Julian Field" <>
> To: "MailScanner discussion" <>
> Sent: Tuesday, July 6, 2010 10:00:13 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> It's talking about the attachment in the message, not the message
> body+headers itself.
>
> Do a "file" on msg-16388-1.txt (not a "file -i").
I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
p
--
On 2010-07-06 15:14, Peter Ong wrote:
> I hate to keep beating a dead horse, but would anyone else have any ideas? This problem is a serious interruption in our day to day communications.
>
> p
>
> ----- Original Message -----
>
>> From: "Peter Ong"<>
>> To: "MailScanner discussion"<>
>> Sent: Tuesday, July 6, 2010 11:05:17 AM
>> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>>
>> I am thoroughly confused.
>>
>> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>>
>> It is not getting caught on this line in the logs... it clearly says
>> "No programs allowed".
>>
>> Is there documentation somewhere I'm neglecting to read?
>>
>> p
Peter,
A "DOS executable" is a program. Thus the warning is telling the truth.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045
--
Sorry guys...
The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
deny executable No executables No executables allowed
There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
deny - x-do****ec No DOS executables No DOS programs allowed
But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
I could really use help here.
p
--
What if I wanted to get commercial support? Would they be able to solve this?
p
--
On Wed, Jul 07, 2010 at 04:13:07AM +0000, Peter Ong wrote:
>
> The DOS warning is correct -- from the file command. The problem is that isn't the line where the message fails in the filetype.conf.rules. It fails on
> deny executable No executables No executables allowed
As it should because the output of "file msg-16388-1.txt" is
"DOS executable (COM)" and that is matched by the regexp "executable"
in the rule.
> There are two lines that show "No programs allowed", but I changed one to say "No executables allowed" so depending on the error message I know that it failed on one of them, and it does fail on the "No executables" line.
>
> I only ran file on the msg file because Julian suggested it, and for everyone's edification, I posted the result here. The fact that the file command shows DOS executable (COM) should trigger the correct line in the error message which is:
>
> deny - x-do****ec No DOS executables No DOS programs allowed
The hyphen in the above rule makes it a "5 field" rule in which case,
the third field is matched against the mime type (output of file -i)
which in this case is "text/x-mail" so no match.
> But clearly based on my repeatable error messages, it fails not on this line, but "No executables allowed". There is no attachment. It simply contains Japanese characters.
The file command run against the message text (body without headers) says
this is a DOS executable and MailScanner is acting accordingly.
> The documentation on the top of the file said that I can have an optional third field which I have filled out, but there doesn't seem to be a known established way of filling it out. Our operation is being severely affected by this, and I don't know what else to do.
Both the second of four fields and the third of five fields (tab delimited)
are regexps that are matched respectively against the output of "file" or
the MIME type.
I think the reason your "allow - text/x-mail - -" rules don't work is that
FileType Rules is an "all match" ruleset and not a "first match" ruleset.
--
Mark Sapiro <> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
--
Please can you zip up the original raw queue message file and mail it to
me off-list.
Jules.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
--
Hi Mark,
Thanks for that. Help me clarify a few things:
> As it should because the output of "file msg-16388-1.txt" is
> "DOS executable (COM)" and that is matched by the regexp "executable"
> in the rule.
I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
> > There are two lines that show "No programs allowed", but I changed
> one to say "No executables allowed" so depending on the error message
> I know that it failed on one of them, and it does fail on the "No
> executables" line.
> >
> > I only ran file on the msg file because Julian suggested it, and for
> everyone's edification, I posted the result here. The fact that the
> file command shows DOS executable (COM) should trigger the correct
> line in the error message which is:
> >
> > deny - x-do****ec No DOS executables No DOS
> programs allowed
I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
deny executable No executables No executables allowed
This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
> The hyphen in the above rule makes it a "5 field" rule in which case,
> the third field is matched against the mime type (output of file -i)
> which in this case is "text/x-mail" so no match.
Can someone explain how these fields work? The instructions on top of the file are too terse for me.
The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one? Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
Can you please explain what you mean by this?
p
--
Thanks Jules. Will do that, and I'll explain some more.
p
--
Hi Mark,
> I think the reason your "allow - text/x-mail - -" rules don't work is
> that
> FileType Rules is an "all match" ruleset and not a "first match"
> ruleset.
What do you mean by this? Does it go down the lines and stop at the first match or does it behave differently? Do both 2/5 or 2/4 and 3/5 (fields) have to be filled out or only one? If it's regex, do I have to escape the spaces so string1\ string2 and so on?
p
--
On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> Hi Mark,
>
> Thanks for that. Help me clarify a few things:
>
> > As it should because the output of "file msg-16388-1.txt" is
> > "DOS executable (COM)" and that is matched by the regexp "executable"
> > in the rule.
>
> I see. And that would be the second of four fields counting from the left, correct? I thought it was only regexp if they were enclosed in slashes such as /executable/. Am I wrong?
I don't know for sure. I'm going for regexp because that's what it says
at the top of the file, but regexp or "substring match" would give the
same result in this case with no "pattern characters". It seems clear
it's not an "exact full string" match in any case.
> > > There are two lines that show "No programs allowed", but I changed
> > one to say "No executables allowed" so depending on the error message
> > I know that it failed on one of them, and it does fail on the "No
> > executables" line.
> > >
> > > I only ran file on the msg file because Julian suggested it, and for
> > everyone's edification, I posted the result here. The fact that the
> > file command shows DOS executable (COM) should trigger the correct
> > line in the error message which is:
> > >
> > > deny - x-do****ec No DOS executables No DOS
> > programs allowed
>
> I apologize. In my frustration, I pasted the wrong line from the filetypes.conf.rules file. I meant to paste this one:
> deny executable No executables No executables allowed
>
> This is where I had changed the word "programs" to "executables" so I can determine which line is triggering.
Right, and that's the rule you said matched and it matches because "file"
says "DOS executable (COM)" which is matched by "executable".
> > The hyphen in the above rule makes it a "5 field" rule in which case,
> > the third field is matched against the mime type (output of file -i)
> > which in this case is "text/x-mail" so no match.
>
> Can someone explain how these fields work? The instructions on top of the file are too terse for me.
>
> The second of five fields is for the result of the "file" command, and the third of five fields is for the output of "file -i". Do both fields have to be filled out or just one?
I think that's not quite right. I *think* if you want to match against
the "file" output, you use a four field rule and the second field is the
match, and if you want to match "file -i", you use a five field rule and
the third field is the match. In the latter case, in the example, the
second field is a "-" because, I think, it is ignored. Clearly the two
field matches are not anded because the hyphen in the example wouldn't
match and the rule wouldn't match. I don't think they are ored either,
I *think* in a five field rule the second field is merely a placeholder
to make five fields and is ignored.
> Are they evaluated as && or ||? I'm not sure. As you can see in my original post, I tried to put in all combinations, just in case. Are those fields always evaluated as regex? Because if so that means I need to escape special characters, but I don't know whether it's always regex or just as a string.
I don't really know the answer to that.
> I thought it went this way... there are two files in the folder. One is named after a postfix unique identifier... 012A34ABC and the other is msg-1234-1.txt. I thought the first file was scanned by "file" and the second scanned by "file -i". Tell me if I got this wrong.
That's not the way it works in my quarantine. In mine, for messages with
content issues I have a directory under the date directory named, e.g.
"BB7596900BE.A6E7E", and under that there is a file named "message" which
contains the entire raw message. This is not examined by either "file" or
"file -i" because they just say "RFC 822 mail text" and "message/rfc822"
respectively. Also under the "queue id + entropy" directory are one or
more files, such as your msg-1234-1.txt file which are the contents of
the message body and/or multiple MIME message parts. It is these message
parts which are examined by "file" and/or "file -i".
> > I think the reason your "allow - text/x-mail - -" rules don't work is
> > that
> > FileType Rules is an "all match" ruleset and not a "first match"
> > ruleset.
>
> Can you please explain what you mean by this?
I did explain this somewhat in another reply, but basically, in this
context, I think if any Deny rule matches, the message will be denied
even if Allow rules that match precede or follow the matching Deny
rule.
--
San Francisco Bay Area, California better use your sense - B. Dylan
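
A small model of the rule semantics as Mark describes them in the reply above, added here as an example; it is not MailScanner's code and not part of any post. The function names, the two evaluation modes, the allow-by-default fallback and the tab-only field split are assumptions, and the sample rules are a few of those quoted in the thread, re-typed with tab separators.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a few rules quoted in the thread, re-typed with TAB
# separators (the archive flattened the original whitespace).
SAMPLE_RULES = "\n".join([
    "# action<TAB>[placeholder<TAB>]regexp<TAB>log text<TAB>user text",
    "allow\t-\ttext/x-mail\t-\t-",
    "allow\ttext\t-\t-",
    "allow\tdata\t-\t-",
    "deny\tself-extract\tNo self-extracting archives\tNo self-extracting archives allowed",
    "deny\texecutable\tNo executables\tNo executables allowed",
    "deny\tELF\tNo executables\tNo programs allowed",
])

# The two results Peter posted for msg-16388-1.txt.
FILE_OUTPUT = "DOS executable (COM)"          # file msg-16388-1.txt
MIME_TYPE = "text/x-mail; charset=unknown"    # file -i msg-16388-1.txt


class Rule(NamedTuple):
    action: str          # "allow" or "deny"
    target: str          # "file" for a 4-field rule, "mime" for a 5-field rule
    pattern: re.Pattern  # unanchored regexp taken from the rule
    log_text: str
    user_text: str


def parse_rules(text: str) -> List[Rule]:
    """Parse tab-delimited rules; 4 fields match `file`, 5 fields match `file -i`."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: runs of tabs count as one separator; spaces never do.
        fields = [f.strip() for f in re.split(r"\t+", line)]
        if len(fields) == 4:
            action, regexp, log_text, user_text = fields
            target = "file"
        elif len(fields) == 5:
            # Field 2 is treated as an ignored placeholder, per Mark's reading.
            action, _placeholder, regexp, log_text, user_text = fields
            target = "mime"
        else:
            raise ValueError(
                f"line {lineno}: expected 4 or 5 tab-separated fields, got {len(fields)}")
        if action not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        rules.append(Rule(action, target, re.compile(regexp), log_text, user_text))
    return rules


def matching_rules(rules: List[Rule], file_output: str, mime_type: str) -> List[Rule]:
    """Every rule whose regexp is found anywhere in the text it applies to."""
    hits = []
    for rule in rules:
        subject = file_output if rule.target == "file" else mime_type
        if rule.pattern.search(subject):   # search, not fullmatch: substring hit
            hits.append(rule)
    return hits


def evaluate(rules: List[Rule], file_output: str, mime_type: str,
             mode: str) -> Tuple[str, Optional[Rule]]:
    """Return (verdict, deciding rule) under one of two candidate semantics.

    "first-match": the first matching rule decides.
    "any-deny":    any matching deny rule wins, wherever the allow rules sit.
    With no matching rule at all the part is allowed (assumption).
    """
    hits = matching_rules(rules, file_output, mime_type)
    if mode == "first-match":
        decider = hits[0] if hits else None
    elif mode == "any-deny":
        denies = [r for r in hits if r.action == "deny"]
        decider = denies[0] if denies else (hits[0] if hits else None)
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return (decider.action if decider else "allow"), decider


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for mode in ("first-match", "any-deny"):
        verdict, rule = evaluate(parsed, FILE_OUTPUT, MIME_TYPE, mode)
        print(f"{mode:12s} -> {verdict:5s} ({rule.user_text if rule else 'no rule matched'})")
```

With these inputs the two modes disagree: first-match stops at the `text/x-mail` allow rule, while any-deny reports "No executables allowed", the message Peter keeps seeing.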
--
Hey Mark,
So much of the time, I'm playing catch up as I quell fires and I miss the little details. Thanks for the edifying replies. Last night, I actually had some quiet time to read through the links you posted, and now I understand better. Although, I do not understand what "All Match" means and how it applies or behaves in the case of the filetype rules file.
Initially, I thought it went down the line and stopped at the first match as described in "First Match", but the documentation clearly says otherwise. Also, based on the other replies, I had the mechanics of scanning all wrong; I learned that the msg-1234-1.txt is scanned by file and file -i. Now I just don't know how that, the All Match behavior, and whether one field is ignored or both are accepted or if the third of five is filled whether second of five is required, etc. You've alluded to this already, but there was behavior last week that keeps me confused. I'll experiment more today.
I emailed Jules the original as he had requested. Maybe he will have something about it today.
p
----- Original Message -----
> Sent: Wednesday, July 7, 2010 4:41:40 PM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> On Thu, Jul 08, 2010 at 04:32:33AM +0000, Peter Ong wrote:
> > Hi Mark,
> >
> > Thanks for that. Help me clarify a few things:
> >
> > > As it should because the output of "file msg-16388-1.txt" is
> > > "DOS executable (COM)" and that is matched by the regexp
> "executable"
> > > in the rule.
> >
> > I see. And that would be the second of four fields counting from the
> left, correct? I thought it was only regexp if they were enclosed
> in slashes such as /executable/. Am I wrong?
>
>
> I don't know for sure. I'm going for regexp because that's what it
> says
> at the top of the file, but regexp or "substring match" would give
> the
> same result in this case with no "pattern characters". It seems clear
> it's not an "exact full string" match in any case.
>
>
> > > > There are two lines that shows "No programs allowed", but I
> changed
> > > one to say "No executables allowed" so depending on the error
> message
> > > I know that it failed on one of them, and it does fail on the "No
> > > executables" line.
> > > >
> > > > I only ran file on the msg file because Julian suggested it, and
> for
> > > everyone's edification, I posted the result here. The fact that
> the
> > > file command shows DOS executable (COM) should trigger the
> correct
> > > line in the error message which is:
> > > >
> > > > deny - x-dosexec No DOS executables No DOS
> > > programs allowed
> >
> > I apologize. In my frustration, I pasted the wrong line from the
> filetypes.conf.rules file. I meant to paste this one:
> > deny executable No executables No executables
> allowed
> >
> > This is where I had changed the word "programs" to "executables" so
> I can determine which line is triggering.
>
>
> Right, and that's the rule you said matched and it matches because
> "file"
> says "DOS executable (COM)" which is matched by "executable".
>
>
> > > The hyphen in the above rule makes it a "5 field" rule in which
> case,
> > > the third field is matched against the mime type (output of file
> -i)
> > > which in this case is "text/x-mail" so no match.
> >
> > Can someone explain how these fields work? The instructions on top
> of the file are too terse for me.
> >
> > The second of five field is for the result of the "file" command,
> and the third of five field is for the output of "file -i". Do both
> fields have to be filled out or just one?
>
>
> I think that's not quite right. I *think* if you want to match
> against
> the "file" output, you use a four field rule and the second field is
> the
> match, and if you want to match "file -i", you use a five field rule
> and
> the third field is the match. In the latter case, in the example, the
> second field is a "-" because, I think, it is ignored. Clearly the
> two
> field matches are not anded because the hyphen in the example
> wouldn't
> match and the rule wouldn't match. I don't think they are ored
> either,
> I *think* in a five field rule the second field is merely a
> placeholder
> to make five fields and is ignored.
>
>
> > Are they evaluated as && or ||? I'm not sure. As you can see in my
> original post, I tried to put in all combinations, just in case. Are
> those fields always evaluated as regex? Because if so that means I
> need to escape special characters, but I don't know whether it's
> always regex or just as a string.
>
>
> I don't really know the answer to that.
>
>
> > I thought it went this way... there are two files in the folder. One
> is named after a postfix unique identifier... 012A34ABC and the other
> is msg-1234-1.txt. I thought the first file was scanned by "file" and
> the second scanned by "file -i". Tell me if I got this wrong.
>
>
> That's not the way it works in my quarantine. In mine, for messages
> with
> content issues I have a directory under the date directory named,
> e.g.
> "BB7596900BE.A6E7E", and under that there is a file named "message"
> which
> contains the entire raw message. This is not examined by either "file"
> or
> "file -i" because they just say "RFC 822 mail text" and
> "message/rfc822"
> respectively. Also under the "queue id + entropy" directory are one
> or
> more files, such as your msg-1234-1.txt file which are the contents
> of
> the message body and/or multiple MIME message parts. It is these
> message
> parts which are examined by "file" and/or "file -i".
>
>
> > > I think the reason your "allow - text/x-mail - -" rules don't work
> is
> > > that
> > > FileType Rules is an "all match" ruleset and not a "first match"
> > > ruleset.
> >
> > Can you please explain what you mean by this?
>
>
> I did explain this somewhat in another reply, but basically, in this
> context, I think if any Deny rule matches, the message will be denied
> even if Allow rules that match precede or follow the matching Deny
> rule.
>
> --
> San Francisco Bay Area, California better use your sense - B. Dylan
)
Hello Everyone,
I searched through my entire quarantine folder and grep'd for files named in this format msg-12341-1.txt. I scanned them with file and file -i. The following are the results.
I entered them into my filetype.conf.rules and it seems to work.
allow ASCII English text, with escape sequences text/plain; charset=us-ascii - -
allow ASCII text text/plain; charset=us-ascii - -
allow DOS executable text/plain; charset=iso-8859-1 - -
allow DOS executable text/plain; charset=unknown - -
allow DOS executable text/plain; charset=utf-8 - -
allow DOS executable text/x-mail; charset=unknown - -
allow DOS executable text/x-mail; charset=utf-8 - -
allow HTML document text text/html - -
allow UTF-8 Unicode English text text/plain; charset=utf-8 - -
I tested that I'm not inadvertently letting DOS executables through, and they remain blocked. It appears that when both 2/5 and 3/5 are true, they are a match and thus allowed through. If someone could verify that would be nice.
In the time when I didn't have a solution, I changed the /usr/bin/file to /usr/bin/file -i just to alleviate the problem. But I think this one solves it, but I don't know whether this is the right way to do it.
I have prepended them to my filetype.rules.conf.
p
----- Original Message -----
> Sent: Tuesday, July 6, 2010 11:05:17 AM
> Subject: Re: FileType rules show executable even though file shows data -- Please help fix.
>
> I am thoroughly confused.
>
> ./20100706/64BCE572B7.A0F44/msg-16388-1.txt: DOS executable (COM)
>
> It is not getting caught on this line in the logs... it clearly says
> "No programs allowed".
>
> Is there documentation somewhere I'm neglecting to read?
>
> p
>
> ----- Original Message -----
>
> > Sent: Tuesday, July 6, 2010 10:00:13 AM
> > Subject: Re: FileType rules show executable even though file shows
> data -- Please help fix.
> >
> > It's talking about the attachment in the message, not the message
> > body+headers itself.
> >
> > Do a "file" on msg-16388-1.txt (not a "file -i").
> >
> > On 06/07/2010 16:43, Peter Ong wrote:
> > > Hello Everyone,
> > >
> > > I really need help on this filetype issue.
> > >
> > > First, when I scan the original message it shows as "data", and
> when
> > I scan the mime version, it shows as "text/x-mail; charset=unknown".
> > >
> > > I keep getting this message even after I have edited the
> > filetype.conf.rules file:
> > > At Tue Jul 6 08:29:47 2010 the virus scanner said:
> > > MailScanner: No programs allowed (msg-16388-1.txt)
> > >
> > >
> > > Proof:
> > > 64BCE572B7: data
> > >
> > > msg-16388-1.txt: text/x-mail; charset=unknown
> > >
> > > HELP!!! What can I do? Thank you in advance.
> > >
> > > These are the contents of my filetype.conf.rules file:
> > >
> > >
> > >
> > > allow - text - -
> > > allow - text - -
> > > allow - text/x-mail - -
> > > allow - text/plain - -
> > > allow - message/rfc822 - -
> > > allow - text/x-mail - -
> > > allow - text/x-mail; charset=unknown - - <<<<<<<<<<<<<<< I added this
> > > allow - text/plain - -
> > > allow - text/plain; charset=unknown - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow - text/plain; charset=utf-8 - -
> > > allow - text/plain; charset=iso-8859-1 - -
> > > allow text text/x-mail - -
> > > allow text text/plain - -
> > > allow text message/rfc822 - -
> > > allow data text/x-mail; charset=unknown - - <<<<<<<<<<<<<< I added this
> > > allow data text/x-mail - -
> > > allow data text/plain - -
> > > allow data text/plain; charset=unknown - -
> > > allow data text/plain; charset=iso-8859-1 - -
> > > allow data text/plain; charset=utf-8 - -
> > > allow RFC 822 mail text text/plain; charset=iso-8859-1 - -
> > >
> > > allow text - -
> > > allow data - -
> > > allow \bscript - -
> > > allow archive - -
> > > allow postscript - -
> > > deny self-extract No self-extracting archives No self-extracting archives allowed
> > > deny executable No executables No executables allowed <<<<<<<<<<<<<<<<<<< keeps getting caught here...
> > > #EXAMPLE: deny - x-dosexec No DOS executables No DOS programs allowed
> > > deny - x-dosexec No DOS executables No DOS programs allowed
> > > deny ELF No executables No programs allowed
> > > deny Registry No Windows Registry entries No Windows Registry files allowed
> > >
> > > #deny MPEG No MPEG movies No MPEG movies allowed
> > > #deny AVI No AVI movies No AVI movies allowed
> > > #deny MNG No MNG/PNG movies No MNG movies allowed
> > > #deny QuickTime No QuickTime movies No QuickTime movies allowed
> > > #deny ASF No Windows media No Windows media files allowed
> > > #deny metafont No Windows Metafont drawings No WMF drawings allowed
> > >
> >
> > Jules
> >
> > --
> > Julian Field MEng CITP CEng
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > Need help customising MailScanner?
> > Contact me!
> > Need help fixing or optimising your systems?
> > Contact me!
> > Need help getting you started solving new requirements from your
> > boss?
> > Contact me!
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >
> >
)
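The thread above leaves open whether the filetype rules are read as "first match" or as "any matching deny wins". As an added example (not MailScanner's code and not from any poster), this small model evaluates both readings against the `file` and `file -i` output reported for msg-16388-1.txt. It assumes tab-separated rules, case-insensitive regexp search, that "-" means the field is skipped, and that a five-field rule needs every non-"-" field to match; the rule set and function names are constructed for illustration.

```python
import re

# Constructed, tab-separated rules in the layout the thread describes
# (an assumption about the format, not MailScanner's own parser):
#   4 fields: action, `file` regexp, log text, user text
#   5 fields: action, `file` regexp, `file -i` regexp, log text, user text
RULES = (
    "allow\tDOS executable\ttext/x-mail; charset=unknown\t-\t-\n"
    "allow\ttext\t-\t-\n"
    "deny\texecutable\tNo executables\tNo executables allowed\n"
    "deny\t-\tx-dosexec\tNo DOS executables\tNo DOS programs allowed\n"
)

def parse(text):
    """Return 5-tuples; a 4-field rule gets '-' as its MIME regexp."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) == 4:
            fields.insert(2, "-")
        if len(fields) != 5:
            raise ValueError("expected 4 or 5 tab-separated fields: %r" % line)
        rules.append(tuple(fields))
    return rules

def matches(rule, file_out, mime_out):
    """Assumed semantics: '-' skips a field, every other field must match."""
    _, file_re, mime_re, _, _ = rule
    if file_re == "-" and mime_re == "-":
        return False
    ok_file = file_re == "-" or re.search(file_re, file_out, re.I)
    ok_mime = mime_re == "-" or re.search(mime_re, mime_out, re.I)
    return bool(ok_file and ok_mime)

def first_match(rules, file_out, mime_out):
    """Reading 1: the first matching rule decides."""
    for rule in rules:
        if matches(rule, file_out, mime_out):
            return rule[0], rule[3]
    return "allow", "-"  # assumed default when nothing matches

def any_deny(rules, file_out, mime_out):
    """Reading 2: any matching deny wins, whatever allow rules match."""
    for rule in rules:
        if rule[0] == "deny" and matches(rule, file_out, mime_out):
            return rule[0], rule[3]
    return "allow", "-"
```

For the part from the thread (`file` output "DOS executable (COM)", `file -i` output "text/x-mail; charset=unknown"), `first_match` returns allow while `any_deny` returns deny with "No executables". A constructed part whose `file -i` output is "application/x-dosexec" is denied under both readings.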
Hello,
Lately I configured postfix and mailscanner. Just to test, I am trying to
send test email messages, but they didn't go through. Anyone, please look into
this. Thanks in advance.
I found the entries below in my /var/log/maillog
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Expanding TNEF archive at
/var/spool/MailScanner/incoming/14799/CF55D322807A.A1FD1/winmail.dat
Feb 7 22:04:11 mbxcyb12 MailScanner[14799]: Message CF55D322807A.A1FD1 has
had TNEF winmail.dat removed
Regards,
__________________
Mohammed Ejaz
Sr,Systems Administrator
Middle East Internet Company (CYBERIA)
Riyadh, Saudi Arabia
Phone: +966-1-4647114 Ext: 140
Mobile +966-562311787
Fax: +966-1-4654735
E-mail:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
On 07/02/2011 19:12, Ejaz wrote:
___________________________________________________
Posted on the MailScanner mailing list. Go to http://lists.mailscanner.info/mailman/listinfo/mailscanner to subscribe.
Hi Ejaz,
Please set the following in MailScanner.conf
Expand TNEF = no
and don't forget to restart mailscanner.
Regards,
Naz Snidanko
Desktop & Network Support
Harper Power Products Inc.
(p) 416 201- 7506