MailScanner: Beta 4.36.1 released

Fri Mar 11 11:11:59 GMT 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rick Cooper wrote:
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>>Behalf Of Julian Field
>>Sent: Thursday, November 18, 2004 10:22 AM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: MailScanner: Beta 4.36.1 released
>>
>>- Added check for Password-Protected Archives setting when using
>>clamavmodule.
>
>
> I was looking at the clamavmodule changes that check for a simple value for
> the Password-Protected archives, and I have a suggestion (since it there is
> no reasonable way to use a rule set here)
>
> How about adding something like:
>
>         if(MailScanner::Config::IsSimpleValue('allowpasszips')){
>                 my $AllowPasswd = MailScanner::Config::Value('allowpasszips');
>         }else{
>                 my $AllowPasswd = 1;
>         }
>
> At the top of the ClamAVModule sub then change:
>
> if (MailScanner::Config::Value('allowpasszips')) { # || $haverar) {
>
> To
>
> if ($AllowPasswd) { # || $haverar) {
>
> This way if someone is using a rule file the action would change to allow so
> no one loses an attachment. I think warning them in the log and defaulting
> to "no", or taking away the ability to use rules is not a good solution. The
> UnpackZip sub respects the rule sets and it's not fair to take away the
> ability to use a rule set there just to ensure password protected RARs are
> caught for all.
>
> Or just remove the CL_SCAN_BLOCKENCRYPTED flag all together. The only reason
> I made the suggestion was because MS doesn't include the UnpackRar sub,
> which would catch the password protected RARs, respect the rules sets and
> report the file as password protected (rather than as an infected file). I
> thought adding the CL_SCAN_BLOCKENCRYPTED would allow other MS systems to at
> least catch protected RARs, even though the internal file name processing
> wouldn't take place.
>
> Doesn't matter to me either way since my patched Message.pm includes
> UnpackRar, and SweepVirues.pm includes the $haverar checks, so I never use
> the CL_SCAN_BLOCKENCRYPTED flag anyway.
>
> Rick
>

First apologies for bringing up an old thread, but I noticed this today
on my test server after adding a rule for "Allow Password-Protected
Archives".

MailScanner[24121]: "Allow Password-Protected Archives" should be set to
just yes or no when using clamavmodule virus scanner

Now that there is external unrar support for clamavmodule, can a ruleset
be allowed again instead of yes/no?

my setup
========
MailScanner: 4.40.2-1
unrar: 3.2.3-2.4
clam: 0.83-1
Mail::ClamAV: 0.17

- dhawal

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!