nested .zip containing bad files not being caught
Marcel Burggraeve
marcel at PLUSINE.COM
Mon Jul 26 19:58:08 IST 2004
On Mon, 2004-07-26 at 19:48, Bob Jones wrote:
> Hey all. I have an issue here. It appears that a nested zip archive is
> getting through mailscanner. I have mailscanner configured to look into
> archives and to block bad files. Here's the scenario... were receiving
> a file called instruction.zip which is getting through our scanning. If
> you unzip this file, you get another .zip which if you send it through
> *does* get caught by mailscanner, and if you unzip that you get
> instruction.pif which *does* get caught as well. I've upgraded to
> Archive-Zip module version 1.12 as I know the previous version had a
> hole. So, any idea what's going on here? I running MailScanner-4.31.6
> and have attached my MailScanner.conf file. Also, I've put 2 examples
> of the files up on our ftp server. You can grabe them at:
>
> ftp://ftp.usg.edu/pub/mailscanner/file.zip
> ftp://ftp.usg.edu/pub/mailscanner/instruction.zip
>
> Help please!
>
Can't help you but I can tell you we've received such a file today.
The sender is supposed to be a noreply address at our domain but the
real sender is an DSL address from an ISP.
The name of the file is marcel at plusine.com.zip which goes through the
scanner with no problem at all.
Inside this zip file is another zipfile with the same name.
Inside this zipfile is one file named :
marcel at plusine.com.html .com
At the moment I'm not able to check this file since I don't have a
scanner running at this ( Linux ) system.
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list