Maximum Archive Depth documentation (don't set it to -1)

Richard Lynch rich at MAIL.WVNET.EDU
Sat Mar 6 02:19:08 GMT 2004


Daniel Kleinsinger wrote:

> I followed the "conversation" between Julian and Richard Lynch regarding
> not allowing password protected zips, but also not checking zips with
> the filename rules (the setup I'm aiming for).  It was mentioned that
> setting the Maximum Archive Depth to 0 or -1 would disable the filename
> checks, but still block password protected zips.   Ummm, don't set it to
> -1.  That caused all mail to be rejected as dangerous content (and set
> off a nasty loop because of the admin notification emails also getting
> rejected).  0 seems to work as designed.
>
> Perhaps the comments in MailScanner.conf could be updated to reflect
> this configuration option so that people know what to do.
> # The maximum depth to which zip archives will be unpacked, to allow for
> # checking filenames and filetypes within zip archives.
> # To disable this feature set this to 0.
> Maximum Archive Depth = 0
>
> Daniel

FWIW, in a followup Julian did specifically state to set the option to 0
to disable internal file checks not -1.    Quoting Julian...

 >I have also added a check so that if you set the max nesting depth to
0 but
 >still ban password-protected zip files, then the attachments are checked
 >for password-protected zips without the other rules being enforced on the
 >contents of the zip files. It will only check the first level of nesting
 >though, as it obviously can't check a zip file it has been asked not to
 >unpack or create in the first place.

The comment you suggest wouldn't hurt though.

--
Richard E. Lynch <rich at mail.wvnet.edu>
Systems Programming Manager
West Virginia Network (WVNET)
837 Chestnut Ridge Road
Morgantown, WV  26505
(304) 293-5192 x243



More information about the MailScanner mailing list