Allow password protected/encrypted zip files from a singler sender

Julian Field mailscanner at ecs.soton.ac.uk
Tue Sep 28 14:56:47 IST 2004 

<x-flowed>
In which case ClamAV is detecting it as a virus, so the
"Allow Password-Protected Archives" setting won't have any effect, as it is
over-ridden by ClamAV.

At 13:29 28/09/2004, you wrote:
>With the following ruleset:
>
>From: ebruce at hpmich.com yes
>To: edwardbruce at sbcglobal.net yes
>FromOrTo: default no
>
>I get the following results when I send an encrypted zip file:
>
>Sep 27 16:50:50 mail2 postfix/smtpd[11139]: B995330A88E:
>client=unknown[65.170.178.192]
>Sep 27 16:50:50 mail2 postfix/cleanup[10856]: B995330A88E:
>message-id=<41587C93.5040402 at hpmich.com>
>Sep 27 16:50:52 mail2 postfix/nqmgr[10556]: B995330A88E:
>from=<ebruce at hpmich.com>, size=371237, nrcpt=1 (queue active)
>Sep 27 16:50:52 mail2 postfix/nqmgr[10556]: B995330A88E:
>to=<edwardbruce at sbcglobal.net>, relay=none, delay=2, status=deferred
>(deferred transport)
>Sep 27 16:50:56 mail2 MailScanner[10675]: ClamAVModule::INFECTED::
>Encrypted.Zip:: ./B995330A88E/spring_wizardry.zip
>Sep 27 16:50:56 mail2 MailScanner[10675]: ClamAVModule::INFECTED::
>Encrypted.Zip:: ./B995330A88E/Copy of spring_wizardry.zip
>Sep 27 16:50:57 mail2 MailScanner[10675]: Infected message B995330A88E
>came from 65.170.178.192
>Sep 27 16:50:57 mail2 MailScanner[10675]: Saved entire message to
>/var/spool/MailScanner/quarantine/20040927/B995330A88E
>Sep 27 16:50:57 mail2 MailScanner[10675]: Saved infected
>"spring_wizardry.zip" to /var/spool/MailScanner/quarantine/20040927/B995330A88E
>Sep 27 16:50:58 mail2 MailScanner[10675]: Saved infected "Copy of
>spring_wizardry.zip" to /var/spool/MailScanner/quarantine/20040927/B995330A88E
>Sep 27 16:50:58 mail2 MailScanner[10675]: Requeue: B995330A88E to A957037E49C
>
>
>
>Peter Bonivart wrote:
>
>>No Name wrote:
>>
>>>I have a similiar problem. I attempted to setup a ruleset, but no
>>>matter what
>>>I do it doesn't work. I've first tried:
>>
>>
>>Some virus scanners mark encrypted files as viruses since they can't be
>>scanned. What's the output of the scanner? I use your first example and
>>it works just fine for me so I doubt MS is the problem.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

More information about the MailScanner mailing list