MailScanner 4.28-5 and zip files - an oddity

Julian Field mailscanner at ecs.soton.ac.uk
Tue Mar 9 11:01:41 GMT 2004


At 10:44 09/03/2004, you wrote:
>I presumed the message would be delivered with the attachment removed? I
>can understand no warning being sent back to the sender.
>
>Is this the default behaviour? Is MailScanner now just silently
>discarding mails with encrypted zip files?

As clearly documented in the conf file, the "All-Viruses" keyword in
"Silent Viruses" now includes the "Zip-Password" keyword. Delivery is then
controlled by the "Still Deliver Silent Viruses" setting. If you want
password-protected zip files to be handled differently, add "Zip-Password"
to the "Non Forging Viruses" list.

I hoped this was all clear in the MailScanner.conf comments, but apparently
not :-(


>Tim.
>
>On Tue, Mar 09, 2004 at 10:17:37AM +0000, Julian Field wrote:
> > By default no warnings are sent. You need to add
> > Non-Forging Viruses = Zip-Password
> > to your MailScanner.conf.
> >
> > At 00:54 09/03/2004, you wrote:
> > >I've just updated to 4.28-5 on FreeBSD and I've been testing the
> > >encrypted zip file protection. I've not got anything fancy in my config,
> > >I went with the default of just not allowing them.
> > >
> > >Here's the oddity...
> > >
> > >I send a test message in (from my exim logs):
> > >
> > >2004-03-09 00:42:21 1B0VK9-00098K-Nw <= t.d.bishop at mydomain.com
> > >H=mx5.mydomain.com (mx5.mydomain.com) [1.2.3.4] P=esmtp S=12101
> > >id=20040309004148.GC24156 at mydomain.com
> > >
> > >MailScanner picks it up:
> > >
> > >Mar  9 00:42:23 server MailScanner[34903]: New Batch: Scanning 1 messages,
> > >12470 bytes
> > >Mar  9 00:42:24 server MailScanner[34903]: Password-protected archive
> > >(test.zip) in 1B0VK9-00098K-Nw
> > >Mar  9 00:42:24 server MailScanner[34903]: Virus and Content Scanning:
> > >Starting
> > >Mar  9 00:42:25 server MailScanner[34903]:
> > >/var/spool/MailScanner/incoming/34903/1B0VK9-00098K-Nw/test.zip->graph1
> .xls
> > > Not scanned (encrypted)
> > >Mar  9 00:42:25 server MailScanner[34903]:
> > >/var/spool/MailScanner/incoming/34903/1B0VK9-00098K-Nw/test.zip->graph2
> .xls
> > > Not scanned (encrypted)
> > >Mar  9 00:42:25 server MailScanner[34903]: Notices: Warned about 1
> messages
> > >Mar  9 00:42:25 server MailScanner[34903]: New Batch: Scanning 1 messages,
> > >1960 bytes
> > >
> > >MailScanner generates a normal warning to postmaster:
> > >
> > >2004-03-09 00:42:25 1B0VKD-00098e-8B <= postmaster at otherdomain.com
> > >U=mailnull P=local S=1733
> > >2004-03-09 00:42:27 1B0VKD-00098e-8B => /home/tdb/Maildir/.postmaster/
> > >(tdb at server.otherdomain.com) <postmaster at otherdomain.com> R=userforward
> > >T=address_directory
> > >2004-03-09 00:42:27 1B0VKD-00098e-8B Completed
> > >
> > >And that's it... I was expecting something to either be sent to the
> > >sender or the recipient. Not complete silence.
> > >
> > >I'm presuming I've just overlooked something which is intended
> > >behaviour. Any advice welcomed.
> > >
> > >Cheers,
> > >Tim.
> > >
> > >--
> > >Tim Bishop
> > >http://www.bishnet.net/tim
> > >PGP Key: 0x5AE7D984
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>--
>Tim Bishop
>http://www.bishnet.net/tim
>PGP Key: 0x5AE7D984

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list