Problems with zips in 4.28.6-1

Plant, Dean dean.plant at ROKE.CO.UK
Wed Mar 10 16:25:44 GMT 2004 

Hello list.

I have upgraded one of our servers to MailScanner-4.28.6-1 and have

Maximum Archive Depth = 0
Allow Password-Protected Archives = yes

In my MailScanner.conf as I would like to disable filename checking within zip files.

If I send a zip file "com.zip" containing a file "search.txt.com" the file is blocked.

MailScanner[4283]: New Batch: Scanning 1 messages, 2501 bytes
MailScanner[4283]: Files hidden in very deeply nested archive in i2AG6BSD004428
MailScanner[4283]: Virus and Content Scanning: Starting
MailScanner[4283]: Filename Checks: Windows/DOS Executable (i2AG6BSD004428 search.txt.com)
MailScanner[4283]: Other Checks: Found 1 problems
MailScanner[4283]: Saved entire message to /var/spool/MailScanner/quarantine/20040310/i2AG6BSD004428
MailScanner[4283]: Saved infected "com.zip" to /var/spool/MailScanner/quarantine/20040310/i2AG6BSD004428
MailScanner[4283]: Saved infected "search.txt.com" to /var/spool/MailScanner/quarantine/20040310/i2AG6BSD004428

Worse still, if I send a genuine encrypted zip file

MailScanner[3219]: New Batch: Scanning 1 messages, 480717 bytes
MailScanner[3219]: Files hidden in very deeply nested archive in i2AFrDHp003727
MailScanner[3219]: Virus and Content Scanning: Starting
MailScanner[3219]: /var/spool/MailScanner/incoming/3219/i2AFrDHp003727/New WinZip File.zip->david1.jpg  Not scanned (encrypted)
MailScanner[3219]: Virus Scanning: F-Prot found virus
MailScanner[3219]: Virus Scanning: F-Prot found 1 infections
MailScanner[3219]: Infected message i2AFrDHp003727 came from xxx.xxx.xxx.xxx
MailScanner[3219]: Saved entire message to /var/spool/MailScanner/quarantine/20040310/i2AFrDHp003727
MailScanner[3219]: Saved infected "New WinZip File.zip" to /var/spool/MailScanner/quarantine/20040310/i2AFrDHp003727

The file is stopped and no notification is sent to the user. I thought this was a f-prot problem but passing the file through another mail server running the same f-prot version but MailScanner v4.28.5 allows the file to pass correctly.

Is there something I may have missed in the configuration?

Thanks in advance

Dean Plant

--

Visit our website at www.roke.co.uk

Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell,
Berkshire. RG12 8FZ

The information contained in this e-mail and any attachments is confidential to
Roke Manor Research Ltd and must not be passed to any third party without
permission. This communication is for information only and shall not create or
change any contractual relationship.

More information about the MailScanner mailing list