MailScanner: Beta 4.36.1 released
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Mar 11 16:50:06 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
This has been fixed already, and will be in the April release of
MailScanner.
Dhawal Doshy wrote:
> Rick Cooper wrote:
>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>>> Behalf Of Julian Field
>>> Sent: Thursday, November 18, 2004 10:22 AM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: MailScanner: Beta 4.36.1 released
>>>
>>> - Added check for Password-Protected Archives setting when using
>>> clamavmodule.
>>
>>
>>
>> I was looking at the clamavmodule changes that check for a simple
>> value for
>> the Password-Protected archives, and I have a suggestion (since it
>> there is
>> no reasonable way to use a rule set here)
>>
>> How about adding something like:
>>
>> if(MailScanner::Config::IsSimpleValue('allowpasszips')){
>> my $AllowPasswd =
>> MailScanner::Config::Value('allowpasszips');
>> }else{
>> my $AllowPasswd = 1;
>> }
>>
>> At the top of the ClamAVModule sub then change:
>>
>> if (MailScanner::Config::Value('allowpasszips')) { # || $haverar) {
>>
>> To
>>
>> if ($AllowPasswd) { # || $haverar) {
>>
>> This way if someone is using a rule file the action would change to
>> allow so
>> no one loses an attachment. I think warning them in the log and
>> defaulting
>> to "no", or taking away the ability to use rules is not a good
>> solution. The
>> UnpackZip sub respects the rule sets and it's not fair to take away the
>> ability to use a rule set there just to ensure password protected
>> RARs are
>> caught for all.
>>
>> Or just remove the CL_SCAN_BLOCKENCRYPTED flag all together. The only
>> reason
>> I made the suggestion was because MS doesn't include the UnpackRar sub,
>> which would catch the password protected RARs, respect the rules sets
>> and
>> report the file as password protected (rather than as an infected
>> file). I
>> thought adding the CL_SCAN_BLOCKENCRYPTED would allow other MS
>> systems to at
>> least catch protected RARs, even though the internal file name
>> processing
>> wouldn't take place.
>>
>> Doesn't matter to me either way since my patched Message.pm includes
>> UnpackRar, and SweepVirues.pm includes the $haverar checks, so I
>> never use
>> the CL_SCAN_BLOCKENCRYPTED flag anyway.
>>
>> Rick
>>
>
> First apologies for bringing up an old thread, but I noticed this today
> on my test server after adding a rule for "Allow Password-Protected
> Archives".
>
> MailScanner[24121]: "Allow Password-Protected Archives" should be set to
> just yes or no when using clamavmodule virus scanner
>
> Now that there is external unrar support for clamavmodule, can a ruleset
> be allowed again instead of yes/no?
>
> my setup
> ========
> MailScanner: 4.40.2-1
> unrar: 3.2.3-2.4
> clam: 0.83-1
> Mail::ClamAV: 0.17
>
> - dhawal
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list