Further checking on this behavior shows:
Original Mime Header:
*******
Content-Type: image/jpeg;
name="moz-screenshot-1.jpg"
Content-Transfer-Encoding: base64
Content-ID: <107953@xyz.molar.is>
Content-Disposition: inline;
filename="moz-screenshot-1.jpg"
*******
Sanitizer Log:
*******
Part (pos="1697"):
SanitizeFile (filename="moz-screenshot-1.jpg,
107953@xyz.molar.is, unnamed.jpg", mimetype="image/jpeg"):
Match (names="107953@xyz.molar.is", rule="2"):
ScanFile
(file="/var/quarantine/att-part1.09070406.04080005_medata.com-4006feff.AB"):
Scan succeeded, file is clean.
Enforced policy: accept
File name doesn't match MIME type, defanging.
Replaced mime type with: application/RENAME_FILE_TO_USE-100
Replaced file name with:
part1_09070406_04080005_medata_com.RENAME_FILE_TO_USE-100
*******
Resulting Mime Header:
*******
Content-Type: application/RENAME_FILE_TO_USE-100;
name="part1_09070406_04080005_medata_com.RENAME_FILE_TO_USE-100"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="part1_09070406_04080005_medata_com.RENAME_FILE_TO_USE-100"
Content-ID: <107953@xyz.molar.is>
*******
Rule Syntax:
*******
file_list_2_scanner = 0:19:12,13:/usr/local/bin/uvscan.sh %FILENAME
file_list_2_policy = accept:save:drop:drop
file_list_2 = (?i)(.*\@.*\.com)$
*******
I've turned on force filename for mime types w/o filenames. That being said,
shouldn't it take the filename and make it priority over the Content-ID?
Are there any other "features" I could enable or disable to resolve this?
-Rick
-- Rick Johnson, RHCE #807302311706007 - 107862@xyz.molar.is Linux/Network Administrator - Medata, Inc. PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc