Checking file extensions based on the mime type returned by the file utility is very smart. That makes checking the mime type, based only on the client-provided mime-type a weird design choice. Is there a reason for this?
On 2 October 2014 15:37, Noel Jones <njo...@megan.vbhcs.org> wrote: > On 10/2/2014 7:04 AM, Deeztek Support wrote: > > > > I guess I was mistaken that using the mime-type was more reliable > > than using a file extension since the file extension can be easily > > modified also? So, if I were to ban .rar files, and someone send me > > a rar file called "archive.rar" but they renamed it to "archive" it > > will still be blocked by Amavis? > > Yes, amavis uses the results of file(1) to determine the proper > extension, regardless of what the attachment is named. See the > notes in amavisd.conf and/or amavisd.conf-sample about the $banned_* > settings for details. > > > > -- Noel Jones >
