[Esd-l]
John D. Hardin
jhardin at impsec.org
Tue Feb 24 06:07:22 PST 2004
Marcela Doniov sez:
>
> procmail sanitizer 1.139 move e-mail with *.doc to quarantine why?
...{snip}
> procmail: Match on "^Content-Transfer-Encoding[ ]*:.*base64"
> procmail: Score: 2147483647 2147483647 "^Content-Type[ ]*:.*(application|multipart)/[^ ]*[ ]*;"
> procmail: Score: 0 0 "^TV[nopqr]....[AB]..A.A....*AAAA...*AAAA"
> procmail: Score: 2147483647 2147483647 "LnJkYXRhAA"
> procmail: Executing " formail -A "X-Content-Security: [$HOST] NOTIFY" \
> -A "X-Content-Security: [$HOST] QUARANTINE" \
> -A "X-Content-Security: [$HOST] REPORT: Trapped Windows executable attachment""

Either (1) the document isn't really a document, or (2) there is
another attachment to the message that is being trapped by the Windows
Executable Magic test.

It is very possible that the Windows Magic test is generating a false
positive. The single test that is matching looks pretty short to me...

Verify that the document is actually a document, scan it with an A/V
tool, and manually deliver it.

How frequently is this happening?

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
39 days until the Slovakian Presidential Election
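
One way to carry out the verification suggested in the reply, as an added example (not part of the original post and not the sanitizer's own code): it decodes a base64 attachment body, shows what the logged literal `LnJkYXRhAA` decodes to, and checks whether the data starts as an OLE2 document and whether it contains a real PE header. The function names and all sample bytes are constructed for illustration.

```python
import base64
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file, e.g. legacy .doc
MARKER_B64 = "LnJkYXRhAA"                       # literal from the procmail log above

def find_pe_headers(data):
    """Offsets of each 'MZ' whose e_lfanew field points at a 'PE\\0\\0' signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(b64_body):
    """Summarise what a base64 attachment body really contains."""
    text = "".join(b64_body.split())            # drop MIME line breaks
    data = base64.b64decode(text)
    return {
        "marker_matched": MARKER_B64 in text,
        "marker_decodes_to": base64.b64decode(MARKER_B64 + "=="),
        "starts_as_ole2": data.startswith(OLE2_MAGIC),
        "pe_headers_at": find_pe_headers(data),
    }

def constructed_samples():
    """Constructed inputs, not real attachments."""
    # OLE2 magic, then ".rdata\0" at offset 9 (a multiple of 3, so the base64
    # text contains the marker) and the same bytes shifted to offset 8.
    aligned = OLE2_MAGIC + b"\x01" + b".rdata\0\0" + b"filler text"
    shifted = OLE2_MAGIC + b".rdata\0\0" + b"filler text"
    # Minimal PE-shaped stub: MZ header whose e_lfanew (at 0x3C) points to "PE\0\0".
    stub = bytearray(0x40)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    exe = bytes(stub) + b"PE\0\0" + b"\0" + b".rdata\0\0" + b"\0" * 8
    return {k: base64.b64encode(v).decode() for k, v in
            {"aligned_doc": aligned, "shifted_doc": shifted, "exe": exe}.items()}

if __name__ == "__main__":
    for name, body in constructed_samples().items():
        print(name, triage(body))
```

The `aligned_doc` sample is the false-positive shape: the marker is present, the data starts with the OLE2 magic, and no PE header is found. The `shifted_doc` sample holds the same bytes one position earlier and does not produce the marker at all, which shows how much the match depends on byte alignment in the encoded stream.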