Executables within docx files?

Patrik Båt via amavis-users amavis-users at amavis.org
Tue Nov 5 14:52:20 CET 2013

On tis  5 nov 2013 02:16:37, Alex wrote:
> Hi,
> I'm sorry to resurrect a month-old thread, but I'm still having a
> problem and it hasn't yet been fixed upstream.
> If you recall this thread, the problem is with 'file' misidentifying
> docx files with [trash]/0001.dat files in them as ARCHIVES,
> potentially resulting in them being tagged as a virus.
> On Fri, Sep 6, 2013 at 9:34 AM, Patrik Båt <pb at osix.eu> wrote:
>> On fre  6 sep 2013 01:35:30, Alex wrote:
>>> Hi,
>>>>> Running latest file, will not return ARCHIVE and amavis will not
>>>>> extract it and .dat or .dat (catche-all) will not trigger, so update
>>>>> file and your magics.
>>>>> thats how i solved it.
>>>>> eg:
>>>>> file ./test1.docx
>>>>> ./test1.docx: Microsoft Word 2007+
>>>> Can you confirm what version that's working for you? I'd like to be
>>>> able to grab the one from fc19 if possible.
>>> Turns out fc19 doesn't work properly.
>>> I updated the fc19 RPM with the 5.14 source, and it also fails.
>>> It would be great if you could confirm which version is working for
>>> you, and if you could identify the magic pattern that's used so I can
>>> reference it on my system.
>>> Thanks!
>>> Alex
>> I'm using file from debian sid repo.
> This hasn't yet been fixed in file proper. Can you either forward me
> your magic files or have any idea how I can get this fixed with
> fedora?
> I tried writing an exclusion in amavisd:
>   [ qr'^\[trash\]/[0-9a-f]{4}\.dat$'       => 0 ],  # allow any in
> Unix-type archives
> but apparently it doesn't work, because another docx file was tagged.
> Any ideas greatly appreciated.
> Thanks,
> Alex

Hello again!

just download this:

extract and take the magics!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20131105/e02461fa/attachment.sig>

More information about the amavis-users mailing list