Executables within docx files?

Alexander Wirt via amavis-users amavis-users at amavis.org
Thu Sep 5 08:43:22 CEST 2013


On Wed, 04 Sep 2013, Alex via amavis-users wrote:

> Hi,
> 
> >> $ file \[trash\]/0001.dat
> >> [trash]/0001.dat: DOS executable (block device driver)
> >>
> >> Is this normal for a docx file? I'm sure the original sender had no
> >> idea this file contained a device driver. Is there something the
> >> sender needs to do to avoid this in the future?
> >>
> >> Is there some way to avoid this problem from happening again with
> >> other docx files?
> > See http://bugs.gw.com/view.php?id=277
> 
> What is this gw.com site? Shouldn't a bug report be filed with the
> 'file' people or the amavisd people?
> 
> Does anyone know if my suggestion to modify the $banned_filename_re
> will work? Mark? :-)
> 
> $banned_filename_re = new_RE(
> 
> [ qr'^\[trash\]/0001\.dat$'       => 0 ],
It won't work. Let me cite from the ECMA spec here:

    Trash items represent parts that have been discarded or are no longer in
    use.  Trash items shall not conform to OPC part naming guidelines as
    defined in Part 2 and shall not be associated with a content type.  All
    trash items shall follow the naming scheme: [trash]/hhhh.dat where h
    represents a hexadecimal value.  

so something like: ^\[trash\]/[0-9a-f]{4}\.dat$ should work better.

Alex



More information about the amavis-users mailing list