Problems with zips in 4.28.6-1

Julian Field mailscanner at ecs.soton.ac.uk
Wed Mar 10 17:01:02 GMT 2004 

I obviously should have done more testing with "Allow Password-Protected
Archives = yes". Sorry about that. Apply this patch to Message.pm:

-----SNIP-----
--- Message.pm.old  2004-03-10 14:14:40.000000000 +0000
+++ Message.pm      2004-03-10 16:53:56.000000000 +0000
@@ -1088,6 +1088,9 @@
    my($this, $explodeinto, $maxlevels, $allowpasswords,
       $couldnotreadmesg, $passwordedmesg, $msname) = @_;

+  # Not got anything to do?
+  return 0 if !$maxlevels && $allowpasswords;
+
    my($dir, $file, $part, @parts, %seenbefore, %seenbeforesize,
$foundnewfiles);
    my($size, $level, $ziperror, $tarerror, $silentviruses, $noisyviruses);
    my($allziperrors, $alltarerrors);
-----SNIP-----

At 16:25 10/03/2004, you wrote:
>Hello list.
>
>I have upgraded one of our servers to MailScanner-4.28.6-1 and have
>
>Maximum Archive Depth = 0
>Allow Password-Protected Archives = yes
>
>In my MailScanner.conf as I would like to disable filename checking within
>zip files.
>
>If I send a zip file "com.zip" containing a file "search.txt.com" the file
>is blocked.
>
>MailScanner[4283]: New Batch: Scanning 1 messages, 2501 bytes
>MailScanner[4283]: Files hidden in very deeply nested archive in
>i2AG6BSD004428
>MailScanner[4283]: Virus and Content Scanning: Starting
>MailScanner[4283]: Filename Checks: Windows/DOS Executable (i2AG6BSD004428
>search.txt.com)
>MailScanner[4283]: Other Checks: Found 1 problems
>MailScanner[4283]: Saved entire message to
>/var/spool/MailScanner/quarantine/20040310/i2AG6BSD004428
>MailScanner[4283]: Saved infected "com.zip" to
>/var/spool/MailScanner/quarantine/20040310/i2AG6BSD004428
>MailScanner[4283]: Saved infected "search.txt.com" to
>/var/spool/MailScanner/quarantine/20040310/i2AG6BSD004428
>
>Worse still, if I send a genuine encrypted zip file
>
>MailScanner[3219]: New Batch: Scanning 1 messages, 480717 bytes
>MailScanner[3219]: Files hidden in very deeply nested archive in
>i2AFrDHp003727
>MailScanner[3219]: Virus and Content Scanning: Starting
>MailScanner[3219]: /var/spool/MailScanner/incoming/3219/i2AFrDHp003727/New
>WinZip File.zip->david1.jpg  Not scanned (encrypted)
>MailScanner[3219]: Virus Scanning: F-Prot found virus
>MailScanner[3219]: Virus Scanning: F-Prot found 1 infections
>MailScanner[3219]: Infected message i2AFrDHp003727 came from xxx.xxx.xxx.xxx
>MailScanner[3219]: Saved entire message to
>/var/spool/MailScanner/quarantine/20040310/i2AFrDHp003727
>MailScanner[3219]: Saved infected "New WinZip File.zip" to
>/var/spool/MailScanner/quarantine/20040310/i2AFrDHp003727
>
>The file is stopped and no notification is sent to the user.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list