Problem with ClamAVmodule

Rick Cooper rcooper at DWFORD.COM
Wed Nov 17 15:23:19 GMT 2004


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Richard Lynch
> Sent: Wednesday, November 17, 2004 9:44 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Problem with ClamAVmodule
>
>
> Julian Field wrote:
>
> >You have found a bug, but I'm not sure it is easy to work around.
> >You need to set
> >Allow Password-Protected Archives = yes
> >and not use a ruleset. I allow a ruleset as this is only the
> case when using
> >the "clamavmodule" virus scanner. I guess I should put a check
> in there to
> >ensure that this is a simple value when using clamavmodule.
> >
> >
> I see.  You're testing the value of "Allow Password-Protected Archives"
> which returns "0" since it's not "yes" (i.e. it's a file reference), and
> it passes the "Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED()" parameter to
> Mail::ClamAV.
>
> Solving this is problematic.  What about adding a user supplied option
> list for Mail::ClamAV in MailScanner.conf?  Then, you could make the
> call without making the test on "allowpasszips".  Something like...
>
> $results = $Clam->scan("$dirname/$childname/$filename",
>            Mail::ClamAV::CL_SCAN_ARCHIVE() |
>            MailScanner::Config::Value('clammodopt') |
>            Mail::ClamAV::CL_SCAN_OLE2());
>
> Then users could specify the CL_SCAN_BLOCKENCRYPTED option if
> they want it.  Or perhaps, don't pass the option at all since MS
> provides that facility on its own anyway.
>

Actually MS doesn't handle password protected RARs on it's own. If that
option isn't there then clamavmodule will not flag the rar as a problem. I
had added this because the Unrar function I had submitted was never
accepted. RARs are not handled like Zips (except for my own patched system).
If Julian doesn't have time to look at this I can try and find sometime soon
to see if I can do something with it... I mistakenly assumed (my bad) that
the allow password protected archives would be correct at a given moment...
that the rules set was already processed, but I guess that couldn't happen
until delivery processing :->[

Unless something has changed in the latest betas, the RAR files are not
processed like zips in terms in file name/type checks are passwords. You
will note some commented references in the clamavmodule code that related to
$haverar, that is because if the UnpackRar function exists then
CL_SCAN_BLOCKENCRYPTED becomes redundant.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list