Hi, I'm sorry to resurrect a month-old thread, but I'm still having a problem and it hasn't yet been fixed upstream.
If you recall this thread, the problem is with 'file' misidentifying docx files with [trash]/0001.dat files in them as ARCHIVES, potentially resulting in them being tagged as a virus. On Fri, Sep 6, 2013 at 9:34 AM, Patrik Båt <[email protected]> wrote: > On fre 6 sep 2013 01:35:30, Alex wrote: >> Hi, >> >>>> Running latest file, will not return ARCHIVE and amavis will not >>>> extract it and .dat or .dat (catche-all) will not trigger, so update >>>> file and your magics. >>>> >>>> thats how i solved it. >>>> >>>> eg: >>>> file ./test1.docx >>>> ./test1.docx: Microsoft Word 2007+ >>> >>> Can you confirm what version that's working for you? I'd like to be >>> able to grab the one from fc19 if possible. >> >> Turns out fc19 doesn't work properly. >> >> I updated the fc19 RPM with the 5.14 source, and it also fails. >> >> It would be great if you could confirm which version is working for >> you, and if you could identify the magic pattern that's used so I can >> reference it on my system. >> >> Thanks! >> Alex > > I'm using file from debian sid repo. This hasn't yet been fixed in file proper. Can you either forward me your magic files or have any idea how I can get this fixed with fedora? I tried writing an exclusion in amavisd: [ qr'^\[trash\]/[0-9a-f]{4}\.dat$' => 0 ], # allow any in Unix-type archives but apparently it doesn't work, because another docx file was tagged. Any ideas greatly appreciated. Thanks, Alex
