Problems with zips in 4.28.6-1

Plant, Dean dean.plant at ROKE.CO.UK
Fri Mar 12 10:03:36 GMT 2004


Julian Field wrote:
> At 17:29 11/03/2004, you wrote:
>> Hi!
>>
>>> Sorry to ask this again but no one has replied to my earlier
>>> posting regarding a problem with 4.28.6-1 and encrypted zips.
>>>
>>> Could someone who is using MailScanner 4.28.6.-1 + f-prot 4.4 and
>>> allows encrypted zips to pass please confirm that they pass
>>> correctly as I find all encrypted zips are stopped even if Allow
>>> Password-Protected Archives is set to yes.
>>
>> Sure, F-Prot thinks it's a virus, so it will catch them. Are you sure
>> it's busting 'all' ones or just ones that really look like the virus
>> stuff floating around?
>
> At the request of someone else, I added a bit to the F-Prot parser so
> that it traps password-encrypted zip files as their contents cannot
> be scanned and are therefore unsafe, which is playing it safe in the
> same way that MailScanner does for most other things.
>
> Look in SweepViruses.pm in ProcessF-ProtOutput (the "-" might not be
> there) and you will find a line or 2 that mentions "encrypted". If
> you just change that string to something that won't appear then you
> will stop this check working.

Thanks Julian, Raymond & Chris for your replies.

Julian, having f-prot report an infection for any encrypted zip
file makes it impossible for f-prot to allow any encrypted zip files
through MailScanner. Now that the Allow Password-Protected Archives
setting is in MailScanner.conf, would it not be better to change this
so that we, who have to let in encrypted zip files, are able to?

Thanks for your info about SweepViruses.pm. I have removed the two lines:

} elsif ($line =~ /[Nn]ot scanned \(encrypted\)/) {
  $line =~ s/[Nn]ot scanned \(encrypted\).*$/Infection: /;

And changed the Ignore files section to

# Ignore files we couldn't scan as they were encrypted
  if ($line =~ /\s\sNot scanned \(unsupported compression method\)/ ||
      $line =~ /\s\sNot scanned \(unknown file format\)/ ||
      $line =~ /[Nn]ot scanned \(encrypted\)/ ||
      $line =~ /Virus-infected files in archives cannot be deleted\./) {
    return 0;
  }

Not being conversant with MailScanner's code, can you advise if this
change is OK, as it seems to achieve what I need?

Thanks

Dean.
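
The two behaviours discussed in this message, sketched as an added example that is not part of the original post and is not MailScanner's own code: the encrypted-archive check is gated on the site setting instead of being removed unconditionally, so it still fails closed when the setting is off. The function name classify_fprot_line, the $allow_encrypted flag (standing in for Allow Password-Protected Archives) and the sample scanner lines are assumptions constructed for illustration; only the regular expressions come from the message above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not MailScanner's ProcessF-ProtOutput.
# $allow_encrypted stands in for "Allow Password-Protected Archives".
# Returns 'ignore', 'infection' or 'other' for one line of scanner output.
sub classify_fprot_line {
  my ($line, $allow_encrypted) = @_;

  # Lines about files the scanner skipped for reasons that are always ignored.
  return 'ignore'
    if $line =~ /\s\sNot scanned \(unsupported compression method\)/
    || $line =~ /\s\sNot scanned \(unknown file format\)/
    || $line =~ /Virus-infected files in archives cannot be deleted\./;

  # Encrypted content cannot be scanned. Let it through only when the
  # site has opted in; otherwise keep the fail-closed behaviour and
  # report it the same way an infection is reported.
  if ($line =~ /[Nn]ot scanned \(encrypted\)/) {
    return $allow_encrypted ? 'ignore' : 'infection';
  }

  return 'infection' if $line =~ /Infection: /;
  return 'other';
}

# Constructed sample lines (paths and names are made up for this example).
my @sample = (
  "/var/spool/incoming/1/report.zip->data.doc  Not scanned (encrypted)",
  "/var/spool/incoming/2/odd.zip  Not scanned (unsupported compression method)",
  "/var/spool/incoming/3/bad.exe  Infection: EXAMPLE-NAME",
);

# Show the verdict for every sample line under both settings.
for my $allow (0, 1) {
  print "Allow Password-Protected Archives = ", ($allow ? "yes" : "no"), "\n";
  printf "  %-9s %s\n", classify_fprot_line($_, $allow), $_ for @sample;
}
```

Only the encrypted line changes verdict between the two settings; the other two lines are classified the same way in both runs.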
