amavisd at joolee.nl
Thu Oct 2 16:04:05 CEST 2014
Checking file extensions based on the mime type returned by the file
utility is very smart. That makes checking the mime type, based only on the
client-provided mime-type a weird design choice. Is there a reason for this?
On 2 October 2014 15:37, Noel Jones <njones at megan.vbhcs.org> wrote:
> On 10/2/2014 7:04 AM, Deeztek Support wrote:
> > I guess I was mistaken that using the mime-type was more reliable
> > than using a file extension since the file extension can be easily
> > modified also? So, if I were to ban .rar files, and someone send me
> > a rar file called "archive.rar" but they renamed it to "archive" it
> > will still be blocked by Amavis?
> Yes, amavis uses the results of file(1) to determine the proper
> extension, regardless of what the attachment is named. See the
> notes in amavisd.conf and/or amavisd.conf-sample about the $banned_*
> settings for details.
> -- Noel Jones
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the amavis-users