Maximum Archive Depth documentation (don't set it to -1)
Richard Lynch
rich at MAIL.WVNET.EDU
Sat Mar 6 02:19:08 GMT 2004
Daniel Kleinsinger wrote:
> I followed the "conversation" between Julian and Richard Lynch regarding
> not allowing password protected zips, but also not checking zips with
> the filename rules (the setup I'm aiming for). It was mentioned that
> setting the Maximum Archive Depth to 0 or -1 would disable the filename
> checks, but still block password protected zips. Ummm, don't set it to
> -1. That caused all mail to be rejected as dangerous content (and set
> off a nasty loop because of the admin notification emails also getting
> rejected). 0 seems to work as designed.
>
> Perhaps the comments in MailScanner.conf could be updated to reflect
> this configuration option so that people know what to do.
> # The maximum depth to which zip archives will be unpacked, to allow for
> # checking filenames and filetypes within zip archives.
> # To disable this feature set this to 0.
> Maximum Archive Depth = 0
>
> Daniel
FWIW, in a followup Julian did specifically state to set the option to 0
to disable internal file checks not -1. Quoting Julian...
>I have also added a check so that if you set the max nesting depth to
0 but
>still ban password-protected zip files, then the attachments are checked
>for password-protected zips without the other rules being enforced on the
>contents of the zip files. It will only check the first level of nesting
>though, as it obviously can't check a zip file it has been asked not to
>unpack or create in the first place.
The comment you suggest wouldn't hurt though.
--
Richard E. Lynch <rich at mail.wvnet.edu>
Systems Programming Manager
West Virginia Network (WVNET)
837 Chestnut Ridge Road
Morgantown, WV 26505
(304) 293-5192 x243
More information about the MailScanner
mailing list