password protected :(

Mike Brudenell pmb1 at YORK.AC.UK
Wed Apr 14 09:35:46 IST 2004 

Greetings -

--On Wednesday, April 14, 2004 12:34 pm +1000 Pete <pete at eatathome.com.au>
wrote:

> Andrew wrote:
>
>> I am using mailscanner with clamav on a debian machine -
>>
>> When it recieves a password protected zip file, because it cannot open
>> it, it presumes it is a virus and doesn't deliver.... is there any
>> solution to this?

Perhaps this is a good time for me to again ask about this setting too.
(I've confess that I've asked twice before but didn't get a single reply!)

The following is with MailScanner 4.29.3 ...


The reply to given the enquiry above was:

> You could try
> Allow Password-Protected Archives = yes

I understand the suggestion is that this will allow password-protected
(Zip) archives to be passed through MailScanner rather than being treated
as malware and blocked.  Correct?


Question 1
----------
So please could someone explain how this interacts if you also have these
settings:

    Silent Viruses = HTML-IFrame All-Viruses HTML-Codebase
    Still Deliver Silent Viruses = no

According to the comment for "Silent Viruses" using "All-Viruses" also here
implicitly includes "Zip-Password", which according to the comment text:

    If a virus name is given here, then
    1)  The sender will not be warned that he sent it
    2)  No attempt at true disinfection will take place
        (but it will still be "cleaned" by removing the nasty attachments
         from the message)
    3)  The recipient will not receive the message,
        unless the "Still Deliver Silent Viruses" option is set
            ...
    Zip-Password    inserting this will stop senders being warned about
                    password-protected zip files, when they are not allowed.
                    This keyword is not needed if you include All-Viruses.

 *  According to this comment text the above settings will NOT deliver an
    incoming message with password-protected archive to the recipient.

 *  BUT the "Allow Password-Protected Archives = yes" directive says it IS
    allowed and will be delivered!

So which one takes effect?  Is the message delivered or not?

If it is NOT delivered, how does one adjust the settings to treat all
viruses as 'silent' yet allow/deliver password-protected archives?


Question 2
----------
Whilst trying to interpret the comments relating to the above question I
pondered about adding the "Zip-Password" keyword to the "Non-Forging
Viruses" directive:

    Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Zip-Password

However according to the comment this 'merely' says it is OK to send a
warning message back to the sender of a message with a password-protected
archive attached and this is blocked.

It wouldn't help in actually getting the attachment through to the
recipient... Correct?



I'm sorry, but I _really_ can't quite get my head around how these
directives interact without your help: is it really only me who can't
fathom this from the comments?

Cheers,

Mike Brudenell

--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

More information about the MailScanner mailing list