Problem with password protected spreadsheets
Tony Canning
tonyc at foe.co.uk
Thu Mar 15 13:10:20 CET 2007
>>Tony Canning wrote:
>> I have a problem which is upsetting several of our network users - password protected excel (.xls) files are not delivered, in-bound or out-bound.
>>
>> I am using MailScanner-4.57.6, with Sophos, ClamAV & Spamassassin under Solaris.
>> Here is a sample of the problem from the system log:
>>
>> Mar 13 17:03:31 localhost MailScanner[6078]: Virus Scanning: ClamAV
>> found 1 infections Mar 13 17:03:31 localhost MailScanner[6078]:
>> Infected message l2DH2wid008740 came from 172.16.1.13 Mar 13 17:03:31
>> localhost MailScanner[6078]: Virus Scanning: Found 1 viruses Mar 13
>> 17:03:31 localhost MailScanner[6078]: <A> tag found in message
>> l2DH2wid008740 from v.harwood-smart at foe.co.uk Mar 13 17:03:31
>> localhost MailScanner[6078]: Virus Scanning completed at 959 bytes per
>> second Mar 13 17:03:31 localhost MailScanner[6078]: Viruses marked as
>> silent: Password protected file ./l2DH2wid008740/rolling phone upgrade
>> gift aid decs.zip/rolling phone upgrade gift aid decs.txt
>>
>> It appears from the above that ClamAV is treating it as false positive virus?
>That's not a password protected XLS, it's a password protected .zip file containing a .txt file.
Yes, you're right of course from the example I provided - here is the same thing happening with
a spreadsheet:
Mar 8 10:01:59 localhost MailScanner[25266]: Virus Scanning: ClamAV found 1 infections
Mar 8 10:01:59 localhost MailScanner[25266]: Infected message l28A1aid025590 came from 172.16.1.13
Mar 8 10:01:59 localhost MailScanner[25266]: Virus Scanning: Found 1 viruses
Mar 8 10:01:59 localhost MailScanner[25266]: <A> tag found in message l28A1aid025590 from v.harwood-smart at foe.co.uk
Mar 8 10:01:59 localhost MailScanner[25266]: Virus Scanning completed at 24252 bytes per second
Mar 8 10:01:59 localhost MailScanner[25266]: Viruses marked as silent: Password protected file ./l28A1aid025590/Rolling Phone Upgrade Data Output.xls
>> I have the following parameters configured:
>>
>> Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses
>> = no Block Encrypted Messages = no Allow Password-Protected Archives =
>> yes Allowed Sophos Error Messages = "File was encrypted"
>>
>From the looks of it, you're using clamav, not clamavmodule.
do you have the "block-encrypted" option in /usr/lib/MailScanner/clamav-wrapper?
--
No, there is no entry relating the encryption at all.
Thanks
Tony
More information about the MailScanner
mailing list