From: Andy Balholm
Date: Sat, 3 Jul 2010 07:25:19 -0700
To: Tim Daneliuk
Cc: freebsd-questions@freebsd.org
Subject: Re: 'file' Command Giving False Positives
Message-Id: <641FFF4C-5948-4AFA-9F73-FBB1A105BCAE@balholm.com>

One thing I noticed about the file command's output might be useful:

For the file in question, it says "MS-DOS executable (built-in)"

For real Windows programs, it gives more information. One that I tried said "PE32 executable for MS Windows (GUI) Intel 80386 32-bit". I remember that some others have said "COFF" instead of "PE32". So maybe you could just assume that unless the file command is able to figure out what _kind_ of executable the file is, it's a false positive. It depends how likely you are to run into a really ancient DOS program (which would probably just get the generic description).
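
The heuristic suggested in the message above, sketched as an added shell example that is not part of the original post: a description that names a specific format (PE32, COFF) is treated as a real executable, while the bare "MS-DOS executable" label is flagged for review. The function names are hypothetical, and `file -b` (brief output) is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the original message. classify_desc and
# classify_path are hypothetical helper names.

# classify_desc DESCRIPTION
# Prints one of:
#   executable       file(1) identified a specific format (PE32 or COFF)
#   suspect-generic  only the generic "MS-DOS executable" label was given;
#                    likely a false positive, or a very old DOS program
#   other            not described as a DOS/Windows executable at all
classify_desc() {
    case "$1" in
        # Specific formats are checked first, because some versions of
        # file(1) print "MS-DOS executable" alongside the PE32 details.
        *PE32*|*COFF*)
            echo "executable" ;;
        *"MS-DOS executable"*)
            echo "suspect-generic" ;;
        *)
            echo "other" ;;
    esac
}

# classify_path PATH
# Runs file(1) in brief mode (-b omits the filename prefix) and prints
# path, verdict and the raw description, tab-separated, so that the
# suspect-generic entries can be reviewed by hand rather than discarded.
classify_path() {
    desc=$(file -b -- "$1") || return 1
    printf '%s\t%s\t%s\n' "$1" "$(classify_desc "$desc")" "$desc"
}

# Classify every path given on the command line (does nothing without arguments).
for f in "$@"; do
    classify_path "$f"
done
```
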