...
The following parameters can be set:
Maximum file size limit
Specifies the maximum file size for which to perform the check by the engine. The check is done in memory and in case of archives and other containers their whole contents are extracted into the memory. Therefore we do not recommend to set this value higher than approximately 10% of server’s memory.
Treat oversize as clean
If this is enabled and the check is skipped because the file is too big, the file is considered “clean” (like if the check was performed and found no problems). If this is disabled, then such file is considered “unclean” (like if the check was performed and found a problem) and the whole package will be quarantined.
Maximum number of stored records of detected objects
Some containers (typically archives like zip, etc.) may contain a very large amount of embedded files/objects and so the list of all found MIME types can be very long. This limit limits the maximum number of stored records of found MIME types for one file. This limit was introduced to prevent problems with displaying all found MIME types and also to prevent over-filling the database. The limit does not affect the detection of selected MIME types (all detected MIME types are searched, not just those that fit into the limit and are saved).
Detection mode
If set to blacklist mode, the packages with files matching the selected MIME types are quarantined. If set to whitelist mode, all packages with files not matching one of the selected MIME types are quarantined.
Selected file types
Sets the MIME file types, which the files should be checked for in whitelist or blacklist mode. One MIME type per one line. The list could be empty, which in blacklist mode causes no packages to be quarantined, but the detection is performed and the refined MIME types are set for each of the checked files.
...
For some types of content, deep detection is performed, scanning even nested files (for example files in archives, office documents, etc.). The types of these deeply scanned containers are listed here: https://tika.apache.org/1.22/formats.html.
A simple tip, how to discover a MIME type of some file, is to just send it through the SOFiE application and have a look at what MIME type was detected for the file.
Alternatively this can be found out from the above mentioned list of supported MIME types, where for example the *.avi file type has the following specification:
Code Block | ||
---|---|---|
| ||
<mime-type type="video/x-msvideo">
<_comment>Audio Video Interleave File</_comment>
<alias type="video/avi"/>
<alias type="video/msvideo"/>
<magic priority="50">
<match value="RIFF....AVI " type="string" offset="0"
mask="0xFFFFFFFF00000000FFFFFFFF"/>
<match offset="8" type="string" value="\x41\x56\x49\x20"/>
</magic>
<glob pattern="*.avi"/>
</mime-type> |
And so the MIME type of such file is video/x-msvideo.
Configuration example
...