Problems with zips in 4.28.6-1

Julian Field mailscanner at ecs.soton.ac.uk
Fri Mar 12 10:14:03 GMT 2004


At 10:03 12/03/2004, you wrote:
>Julian Field wrote:
> > At 17:29 11/03/2004, you wrote:
> >> Hi!
> >>
> >>> Sorry to ask this again but no one has replied to my earlier
> >>> posting regarding a problem with 4.28.6-1 and encrypted zips.
> >>>
> >>> Could someone who is using MailScanner 4.28.6-1 + f-prot 4.4 and
> >>> allows encrypted zips to pass please confirm that they pass
> >>> correctly as I find all encrypted zips are stopped even if Allow
> >>> Password-Protected Archives is set to yes.
> >>
> >> Sure, F-Prot thinks it's a virus, so it will catch them. Are you sure
> >> it's busting 'all' ones or just ones that really look like the virus
> >> stuff floating around?
> >
> > At the request of someone else, I added a bit to the F-Prot parser so
> > that it traps password-encrypted zip files as their contents cannot
> > be scanned and are therefore unsafe, which is playing it safe in the
> > same way that MailScanner does for most other things.
> >
> > Look in SweepViruses.pm in ProcessF-ProtOutput (the "-" might not be
> > there) and you will find a line or 2 that mentions "encrypted". If
> > you just change that string to something that won't appear then you
> > will stop this check working.
>
>Thanks Julian, Raymond & Chris for your replies.
>
>Julian, having f-prot report an infection for any encrypted zip
>file makes it impossible for f-prot to allow any encrypted zip files
>through MailScanner. Now that the Allow Password-Protected Archives
>setting is in MailScanner.conf would it not be better to change this
>so that we, who have to let in encrypted zip files, are able to?

Good idea. I'll change it back.

>Thanks for your info about SweepViruses.pm. I have removed the two lines
>
>} elsif ($line =~ /[Nn]ot scanned \(encrypted\)/) {
>   $line =~ s/[Nn]ot scanned \(encrypted\).*$/Infection: /;
>
>And changed the Ignore files section to
>
># Ignore files we couldn't scan as they were encrypted
>   if ($line =~ /\s\sNot scanned \(unsupported compression method\)/ ||
>       $line =~ /\s\sNot scanned \(unknown file format\)/ ||
>       $line =~ /[Nn]ot scanned \(encrypted\)/ ||
>       $line =~ /Virus-infected files in archives cannot be deleted\./) {
>     return 0;
>   }
>
>Not being conversant with MailScanner's code, can you advise if this
>change is ok, as it seems to achieve what I need?

That should be fine.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
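
The two behaviours discussed in this thread, side by side, as an added example that is not part of the original message and is not MailScanner's own code: "Not scanned (encrypted)" lines are either reported as an infection or ignored, here tied to a flag standing in for the Allow Password-Protected Archives setting. The function name `classify_line`, the `$allow_encrypted` parameter, the treatment of `Infection: ` as the reporting marker, and the sample scanner lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not MailScanner code. classify_line() and $allow_encrypted
# are hypothetical names; the sample scanner lines below are constructed.
use strict;
use warnings;

# Returns 'ignore', 'infection' or 'other' for one line of scanner output.
# $allow_encrypted stands in for "Allow Password-Protected Archives = yes".
sub classify_line {
    my ($line, $allow_encrypted) = @_;

    # Lines the scanner could not act on and that are never reported
    return 'ignore'
        if $line =~ /\s\sNot scanned \(unsupported compression method\)/
        || $line =~ /\s\sNot scanned \(unknown file format\)/
        || $line =~ /Virus-infected files in archives cannot be deleted\./;

    # Encrypted members: contents were not scanned, so site policy decides
    if ($line =~ /[Nn]ot scanned \(encrypted\)/) {
        return $allow_encrypted ? 'ignore' : 'infection';
    }

    # Assumption: 'Infection: ' marks a line that gets reported
    return $line =~ /Infection: / ? 'infection' : 'other';
}

# Constructed sample lines (paths and layout are illustrative only)
my @sample = (
    '/tmp/batch/msg1/report.zip->report.doc  Not scanned (encrypted)',
    '/tmp/batch/msg2/data.arj  Not scanned (unsupported compression method)',
    '/tmp/batch/msg3/notes.txt  Infection: EXAMPLE-TEST-SIGNATURE',
);

for my $allow (0, 1) {
    print "Allow password-protected archives: ", ($allow ? 'yes' : 'no'), "\n";
    printf "  %-9s %s\n", classify_line($_, $allow), $_ for @sample;
}
```

With the flag off, the encrypted member is reported like an infection; with it on, the line is ignored and the archive's contents pass without having been scanned.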


