banned file types

Noel Jones njones at megan.vbhcs.org
Tue Oct 21 18:47:04 CEST 2014 

On 10/21/2014 10:50 AM, Deeztek Support wrote:
> 
>>
>> I don't think there's any particular docs on the
>> $map_full_type_to_short_type_re table.  Basically it's a list of the
>> long descriptive names given by file(1) mapped to the common 3
>> character extension.  It shouldn't need any adjustments, so it's not
>> in a user config file.  But you can look at it for enlightenment.
>>
>> You can find the $map_full_type_to_short_type_re list in the main
>> amavisd program. And I mean the amavisd PROGRAM, not a configuration
>> file.  Probably in /usr/sbin or similar.
> 
> 
> Okay, here's my understanding on how this works. Correct me if I'm
> wrong:
> 
> I ran the file(1) without the -i switch on a bunch of files to see
> what gets reported. For example, on a .rar archive the file(1)
> utility outputs the following:
> 
> RAR archive data, v1d, os: Win32
> 
> So, I went into the /usr/sbin/amavisd-new file and located the
> following entry under the $map_full_type_to_short_type_re section:
> 
> [qr/^RAR archive\b/i                => 'rar']
> 
> So far so good

Yes.

> 
> Now, I ran the file(1) utility on Microsoft Excel .xls and a
> Microsoft Word .doc file and they both had the following output:
> 
> CDF V2 Document ......
> 

Hmmm.  Maybe your file(1) utility needs updating.

> Of course, there was no corresponding entry under the
> $map_full_type_to_short_type_re section, which tells me that Amavis
> is not able detect the file type using the file(1) utility, so I
> have to rely on the attachment name reported by the message, so I
> would add an entry in my $banned_filename_re like follows:
> 
> [qr'.\.(xls)$'i => 1],  #block excel files
> [qr'.\.(doc)$'i => 1],  #block word files
> 
> (you said earlier that the () are not required, I'm just putting
> them in there for uniformity since it won't hurt anything)

Yes, looks correct.

> 
> Now, instead, could I theoretically add entries under the
> $map_full_type_to_short_type_re as follows?
> 
> [qr/^CDF V2 Document\b/i                => 'xls']
> [qr/^CDF V2 Document\b/i                => 'doc']

No, since the descriptive text is the same, there should only be one
entry.  The i flag isn't needed here since the output is from the
file(1) command; the case won't vary.

If you don't want to worry about which short type to remember, I
suppose you could write it as:
[qr/^CDF V2 Document\b/                =>['xls','doc'] ],

Blocking the short type will block anything file(1) classifies as
"CDF V2 Document" -- it can't distinguish between xlx and doc (and
likely other Office file types too).

> 
> so, that you know, I'm not stuck on office files I'm just using them
> as examples.

... a somewhat complex example since the file(1) output covers
multiple file types.



  -- Noel Jones

More information about the amavis-users mailing list