Daniel,

> >I think this message is just spam, and not something nefarious, but
> >amavisd flagged it as BANNED due to an exe. Can anyone tell if this
> >really was malware?
> >The file command does evaluate the text as executable:
> >[EMAIL PROTECTED] ~]$ file foo2.txt
> >foo2.txt: COM executable for DOS

Noel Jones writes:
> *probably* just a false-positive of file(1) matching on the funny
> character set.

Indeed. A misclassification by file(1). Interestingly an older version (4.12) of file(1) classifies it as 'ISO-8859 text', which is fine.

The following patch to amavisd (or to amavisd.conf if you have an assignment to $map_full_type_to_short_type_re there, overriding the default) maps 'COM executable for DOS' to 'asc', which is a form of plain text.

--- amavisd~ Fri Jun 22 17:50:51 2007 +++ amavisd Tue Jun 26 20:31:58 2007 @@ -1038,2 +1038,3 @@ [qr/\bexecutable for MS Windows\b/ => ['exe','exe-ms'] ], + [qr/^COM executable for DOS\b/ => 'asc'], # misclassified? [qr/^(MS-)?DOS executable\b(?!.*\(COM\))/ => ['exe','exe-ms'] ],

Mark
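Review bot: the added entry `[qr/^COM executable for DOS\b/ => 'asc']` keys only on the string file(1) returns, so a genuine DOS COM program that file(1) labels this way is typed as plain text too, and any banning that relied on it being typed as an executable no longer applies to it. The `# misclassified?` comment should say so explicitly: state that file(1) reports this string for some text messages (4.12 reported 'ISO-8859 text' for the same input) and that the mapping trades detection of real COM files for fewer false BANNED results, so that sites overriding $map_full_type_to_short_type_re in amavisd.conf can decide whether to carry the entry.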