Decoded TNEFs get detected as COM executables
Mark Martinec
Mark.Martinec+amavis at ijs.si
Thu Jul 21 14:31:31 CEST 2011
Thomas,
> I recently upgraded the "file" utility to version 5.07.
>
> Since then I get a lot of false positives on winmail.dat attachments:
> The attachment "attributes" get detected as COM executables.
>
> I'm wondering why do_tnef() writes out the attachment attributes
> in the first place? Currently I'm testing this little patch:
> [...]
> - for my $attr_name ('AttachData','Attachment') {
> + for my $attr_name ('AttachData') {
> No trouble so far. Mark, can you shed some light on this why it is needed?
I forgot the details, must be somewhere in the early archives of the
mailing list. Apparently we encountered cases where this was
necessary.
> I'll also send a sample of the "attribute data" to the file author,
> maybe we can improve the detection.
Great. I see that you were successful and the fix to the file utility
was provided.
Mark
More information about the amavis-users
mailing list