Daniel,

> >I think this message is just spam, and not something nefarious, but
> >amavisd flagged it as BANNED due to an exe.  Can anyone tell if this
> >really was malware?

> >The file command does evaluate the text as executable:
> >[EMAIL PROTECTED] ~]$ file foo2.txt
> >foo2.txt: COM executable for DOS

Noel Jones writes:
> *probably* just a false-positive of file(1) matching on the funny
> character set.

Indeed. A misclassification by file(1). Interestingly, an older
version (4.12) of file(1) classifies it as 'ISO-8859 text',
which is fine.

The following patch to amavisd (or to amavisd.conf, if you have
an assignment to $map_full_type_to_short_type_re there
overriding the default) maps 'COM executable for DOS' to
'asc', which is a form of plain text.

--- amavisd~    Fri Jun 22 17:50:51 2007
+++ amavisd     Tue Jun 26 20:31:58 2007
@@ -1038,2 +1038,3 @@
     [qr/\bexecutable for MS Windows\b/          => ['exe','exe-ms'] ],
+    [qr/^COM executable for DOS\b/              => 'asc'],  # misclassified?
     [qr/^(MS-)?DOS executable\b(?!.*\(COM\))/   => ['exe','exe-ms'] ],
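
Review bot: The added rule at +1039 matches every file(1) result that begins with 'COM executable for DOS', not only the misclassified ISO-8859 text case, so a genuine DOS .COM attachment would also be typed as 'asc' and would no longer hit rules keyed on the 'exe' short type. The '# misclassified?' comment does not record that trade-off. Suggest expanding the comment to say this is a workaround for a file(1) false positive on high-bit text, so the line can be dropped once file(1) classifies such input correctly again, and noting that sites which need to keep banning .COM files have to rely on another check, such as a file name rule.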


Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user