Generalize detection of dat files (#556)

* Generalize detection of dat files * Add dat ignore to mime checks
2024-09-20 07:16:10 +08:00 · 2022-02-20 08:04:34 -05:00 · 2022-02-20 08:04:34 -05:00 · 83e7c530b9
parent c787535bb7
commit 83e7c530b9
1 changed files with 9 additions and 1 deletions
--- a/common/usr/share/MailScanner/perl/MailScanner/SweepOther.pm
+++ b/common/usr/share/MailScanner/perl/MailScanner/SweepOther.pm
@ -688,7 +688,7 @@ sub CheckFileTypesRules {
      $attach = $message->{safefile2file}{$safename} || $tnefname;
      next if $attach eq "" && $safename eq "";

-      if (MailScanner::Config::Value('aignoredatexecutable', $message) =~ /1/ && $attach =~ /[0-9a-fA-F]{4}\.dat$/) {
+      if (MailScanner::Config::Value('aignoredatexecutable', $message) =~ /1/ && $attach =~ /\.dat$/ && $TypeIndicator =~ /$ArchivesAre/) {
        ## Will prevent to quarantine email if MS Office/Corel
        ## attachment contains a .dat file
        ## .dat files are detected as executable in some instances
@ -898,6 +898,14 @@ sub CheckFileTypesRules {
      $attach = $message->{safefile2file}{$safename} || $tnefname;
      next if $attach eq "" && $safename eq "";

+      if (MailScanner::Config::Value('aignoredatexecutable', $message) =~ /1/ && $attach =~ /\.dat$/ && $TypeIndicator =~ /$ArchivesAre/) {
+        ## Will prevent to quarantine email if MS Office/Corel
+        ## attachment contains a .dat file
+        ## .dat files are detected as executable in some instances
+        MailScanner::Log::InfoLog("Skipping archive .dat file type check (prevent wrong executable type)");
+        next;
+      }
+
      $notypesafename = substr($safename,1);
      $TypeIndicator = substr($safename,0,1);
      if ($TypeIndicator =~ /$ArchivesAre/) {