stopping clamav detecting encrypted zip files

Gareth list-mailscanner at linguaphone.com
Thu Apr 19 17:29:38 IST 2007


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Glenn
> Steen
> Sent: 19 April 2007 14:33
> To: MailScanner discussion
> Subject: Re: stopping clamav detecting encrypted zip files
>
>
> On 05/04/07, Gareth <list-mailscanner at linguaphone.com> wrote:
> > On Thu, 2007-04-05 at 10:10, Dhawal Doshy wrote:
> > > Gareth wrote:
> > > > On Wed, 2007-04-04 at 17:04, Aaron K. Moore wrote:
> > > >
> > > >> Are you using the clamavmodule?  I've had the same problem.  There's a
> > > >> commandline switch to turn that notice off when using clamscan, but not
> > > >> with the module.  I'd suggested earlier that someone should add code for
> > > >> clamav, like the code for Sophos that allows you to specify messages to
> > > >> ignore.
> > > >
> > > > I think it's a bug in MailScanner. There appears to be code in place in
> > > > the routine which calls clamavmodule which disables blocking of
> > > > encrypted files if there is a config option 'allowpasszips' set but I
> > > > cannot find that option.
> > > >
> > > > Anyway below is a diff which disables blocking of encrypted archives
> > > > which is working fine for me.
> > > >
> > > > /usr/lib/MailScanner/MailScanner/SweepViruses.pm
> > > > 1069c1069
> > > > <
> Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED()
> > > > |
> > > > ---
> > > >> #
> Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED()
> > > > |
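
Review bot: at line 1069 the Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() flag is commented out unconditionally, so the ClamAV module stops flagging encrypted archives for every message, whatever the site's configuration says. Since the message notes that the calling routine already appears to test an 'allowpasszips' option, it would be safer to keep the flag and make it conditional on a setting, and to leave a comment at that line recording that MailScanner's own password-protected archive check is being relied on instead.
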
> > >
> > > [Quoting Julian from 07/20/2005]
> > > If you have MailScanner set to allow password-protected zip and rar
> > > archives, then this option is disabled. If you have it set to block
> > > password-protected archives, then this option is enabled.
> > > [Quoting Julian from 07/20/2005]
> > >
> > > See this thread: http://thread.gmane.org/gmane.mail.virus.mailscanner/30201
> >
> > Thanks. I wanted MailScanner to block encrypted archives which it does
> > well by itself but not to tell clamav to identify encrypted archives as
> > viruses.
> >
> It's Ruleset Time:
> You want MailScanner to block the initial message, hence you want a
> default of "yes" in the ruleset, but not when releasing from
> quarantine... so ... since this will likely be released from
> 127.0.0.1, make a rule that sets it to "no" (or indeed do this on Scan
> Message) for that IP address. Problem solved:-).
>
> Cheers
> --
> -- Glenn

Please read my question again. The problem was MailWatch not allowing the
file to be released from quarantine because it was identified as a virus.
Not the fact that a released message was being re-quarantined which your
answer would refer to.


