Executables within docx files?
Patrik Båt via amavis-users
amavis-users at amavis.org
Tue Nov 5 14:52:20 CET 2013
On tis 5 nov 2013 02:16:37, Alex wrote:
> Hi,
>
> I'm sorry to resurrect a month-old thread, but I'm still having a
> problem and it hasn't yet been fixed upstream.
>
> If you recall this thread, the problem is with 'file' misidentifying
> docx files with [trash]/0001.dat files in them as ARCHIVES,
> potentially resulting in them being tagged as a virus.
>
> On Fri, Sep 6, 2013 at 9:34 AM, Patrik Båt <pb at osix.eu> wrote:
>> On fre 6 sep 2013 01:35:30, Alex wrote:
>>> Hi,
>>>
>>>>> Running latest file, will not return ARCHIVE and amavis will not
>>>>> extract it and .dat or .dat (catche-all) will not trigger, so update
>>>>> file and your magics.
>>>>>
>>>>> thats how i solved it.
>>>>>
>>>>> eg:
>>>>> file ./test1.docx
>>>>> ./test1.docx: Microsoft Word 2007+
>>>>
>>>> Can you confirm what version that's working for you? I'd like to be
>>>> able to grab the one from fc19 if possible.
>>>
>>> Turns out fc19 doesn't work properly.
>>>
>>> I updated the fc19 RPM with the 5.14 source, and it also fails.
>>>
>>> It would be great if you could confirm which version is working for
>>> you, and if you could identify the magic pattern that's used so I can
>>> reference it on my system.
>>>
>>> Thanks!
>>> Alex
>>
>> I'm using file from debian sid repo.
>
> This hasn't yet been fixed in file proper. Can you either forward me
> your magic files or have any idea how I can get this fixed with
> fedora?
>
> I tried writing an exclusion in amavisd:
>
> [ qr'^\[trash\]/[0-9a-f]{4}\.dat$' => 0 ], # allow any in
> Unix-type archives
>
> but apparently it doesn't work, because another docx file was tagged.
>
> Any ideas greatly appreciated.
> Thanks,
> Alex
Hello again!
just download this:
http://ftp.se.debian.org/debian/pool/main/f/file/file_5.14-2_amd64.deb
extract and take the magics!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20131105/e02461fa/attachment.sig>
More information about the amavis-users
mailing list