Decoded TNEFs get detected as COM executables
Thomas Jarosch
thomas.jarosch at intra2net.com
Tue Jul 19 11:19:01 CEST 2011
Hello,
I recently upgraded the "file" utility to version 5.07.
Since then I get a lot of false positives on winmail.dat attachments:
The attachment "attributes" get detected as COM executables.
I'm wondering why do_tnef() writes out the attachment attributes
in the first place? Currently I'm testing this little patch:
-------------------------------------------------
--- amavisd.before 2011-07-19 11:02:34.000000000 +0200
+++ amavisd 2011-07-19 11:04:03.874828428 +0200
@@ -23724,7 +23724,7 @@
defined $tnef or die "Convert::TNEF failed: ".$Convert::TNEF::errstr;
my($item_num) = 0; my($parent_placement) = $part->mime_placement;
for my $a ($tnef->message, $tnef->attachments) {
- for my $attr_name ('AttachData','Attachment') {
+ for my $attr_name ('AttachData') {
my($dh) = $a->datahandle($attr_name);
if (defined $dh) {
my($newpart_obj)= Amavis::Unpackers::Part->new("$tempdir/parts",
$part);
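Review bot: In the `for my $attr_name` line, dropping 'Attachment' means the data handle for that attribute is never written out as a new Part under "$tempdir/parts", so whatever it holds no longer reaches any later check. The report only establishes that file 5.07 misclassifies this data, not that it can never carry content worth scanning. Consider keeping the extraction and handling the misclassification where the file-type result is consumed. If the attribute is dropped anyway, add a comment stating why only 'AttachData' is unpacked. With a single element left, the inner loop could also be replaced by a direct `$a->datahandle('AttachData')` call.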
-------------------------------------------------
No trouble so far. Mark, can you shed some light on why it is needed?
I'll also send a sample of the "attribute data" to the file author,
maybe we can improve the detection.
Thanks,
Thomas