ZIP file attachments passing through MS 4.35.9 unscanned

Julian Field mailscanner at ecs.soton.ac.uk
Tue Dec 21 14:36:45 GMT 2004



It will have a slight impact on scanning speed when there are a large
number of attachments, but it is much safer.

Adri Koppes wrote:

>Julian,
>
>Thanks.
>The patch solved the problem and 'hidden' zipfiles are now scanned.
>
>Adri.
>
>
>
>>-----Original Message-----
>>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>>Sent: 21 December, 2004 15:09
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: ZIP file attachments passing through MS 4.35.9 unscanned
>>
>>
>>Please try the attached patch to Message.pm.
>>
>>Adri Koppes wrote:
>>
>>
>>
>>>>-----Original Message-----
>>>>From: Mike [mailto:michael at NOMENNESCIO.NET]
>>>>Sent: 21 December, 2004 13:38
>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>Subject: Re: ZIP file attachments passing through MS 4.35.9 unscanned
>>>>
>>>>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>>>>Behalf Of Adri Koppes
>>>>>
>>>>>Recently I have noticed some people bypassing the contents scanning of
>>>>>Zip file attachments.
>>>>>When a message contains a .zip file attachment, renamed to .txt,
>>>>>MailScanner does not seem to detect the presence of the zip file,
>>>>>despite the setting of 'Find Archives By Content = yes' in the
>>>>>MailScanner.conf file. Examining the message, the zip file is attached
>>>>>as follows:
>>>>>
>>>>>Has anyone else noticed this problem? It is real easy to pass
>>>>>executables and other malicious content.
>>>>
>>>>Use this option in MailScanner.conf:  "File Command = /usr/bin/file".
>>>
>>>I already have that set and verified it's working. For instance MPEG's and
>>>AVI's are blocked regardless of the attached filename.
>>>
>>>Adri

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
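
The content-based check this thread is about (recognising an archive by its bytes rather than by its filename), as an added Python example that is not MailScanner's code and not the patch to Message.pm. The sample message, the filenames and the function names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# ZIP signatures: local file header, and end-of-central-directory (empty archive).
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")


def build_sample_message() -> bytes:
    """Constructed sample: a ZIP archive attached as text/plain 'notes.txt'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="text", subtype="plain",
                       filename="notes.txt")
    msg.add_attachment(b"just plain text\n", maintype="text", subtype="plain",
                       filename="readme.txt")
    return msg.as_bytes()


def find_hidden_archives(raw: bytes):
    """Return (filename, member names) for every MIME part whose decoded bytes
    are a ZIP archive, whatever its filename or declared Content-Type says."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if not data.startswith(ZIP_MAGICS):
            continue
        name = part.get_filename() or "(unnamed)"
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            members = []  # signature matched but archive is damaged: still flag it
        hits.append((name, members))
    return hits


if __name__ == "__main__":
    for name, members in find_hidden_archives(build_sample_message()):
        print(f"{name}: ZIP by content, members={members}")
```

Every part is inspected, not only those with an archive-like name, which is why the check costs more on messages with many attachments.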
