Decoded TNEFs get detected as COM executables

Mark Martinec Mark.Martinec+amavis at
Thu Jul 21 14:31:31 CEST 2011


> I recently upgraded the "file" utility to version 5.07.
> Since then I get a lot of false positives on winmail.dat attachments:
> The attachment "attributes" get detected as COM executables.
> I'm wondering why do_tnef() writes out the attachment attributes
> in the first place? Currently I'm testing this little patch:
> [...]
> -    for my $attr_name ('AttachData','Attachment') {
> +    for my $attr_name ('AttachData') {
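
Review bot: dropping 'Attachment' from the list in `for my $attr_name ('AttachData')` stops do_tnef() from writing out that attribute for every winmail.dat, not only for the ones that file 5.07 misclassifies, so anything that arrives only in that attribute is no longer written out for inspection. The reason 'Attachment' was put in the list is not established in this thread, so I would keep both names and handle the COM false positive where the file(1) result is interpreted, or at least add a comment above the loop recording why 'Attachment' is safe to skip. If the change stays, a loop over a single literal reads oddly and could become a plain assignment to $attr_name.
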
> No trouble so far. Mark, can you shed some light on why it is needed?

I forgot the details, must be somewhere in the early archives of the
mailing list. Apparently we encountered cases where this was

> I'll also send a sample of the "attribute data" to the file author,
> maybe we can improve the detection.

Great. I see that you were successful and the fix to the file utility
was provided.

