Deeztek Support writes:
I guess I was mistaken that using the mime-type was more reliable than using a file extension since the file extension can be easily modified also? So, if I were to ban .rar files, and someone send me a rar file called "archive.rar" but they renamed it to "archive" it will still be blocked by Amavis?
You can block (or not to block) on either a declared MIME type, or on a declared file name (potentially matching the declared file extension of you like), or based on a file extension as reported by a file(1) utility - which is not necessarily the same as the file extension of a declared file name. Joolee wrote:
Checking file extensions based on the mime type returned by the file utility is very smart.
All three pieces of information about a mail part are available to checking rules. Check whatever you need: - a MIME TYPE (Content-Type from a header), - a declared FILE NAME (including its declared extensikon, if any) from a MIME header or from an archive, - a file EXTENSION (always starts with a dot) as derived through @map_full_type_to_short_type_re from a result of a file(1) utility.
That makes checking the mime type, based only on the client-provided mime-type a weird design choice. Is there a reason for this?
Sure there is. If a mime header declares a content as application/x-ms-dos-executable or application/x-msdownload, a rule should be able to match this regardless of what the file(1) utility thinks of the content, and regardless of the declared file name. Rules are configurable, set whatever you think is right. Mark
