Message body lost when zip file quarantined

Mark Sapiro mark at msapiro.net
Sun Aug 24 23:36:04 IST 2008


On Sun, Aug 24, 2008 at 04:44:01PM +0100, Julian Field wrote:
> You shouldn't have left it that long! :-)
> Send them to me again, and I'll try to look at them this time. Sorry :-)
> 
> --  
> Jules


OK. I've resent them. Thanks.

/Mark


> On 23 Aug 2008, at 19:46, Mark Sapiro <mark at msapiro.net> wrote:
> 
> >On July 3, 2008, Julian Field wrote:
> >>
> >>
> >>Mark Sapiro wrote:
> >>>Julian Field wrote:
> >>>
> >>>>Mark Sapiro wrote:
> >>>>
> >>>>>>MailScanner is scanning a message with an attached .zip archive which
> >>>>>>contains a number of .bat and .bat.bak files, other files and even
> >>>>>>another zip archive which contains a single .bat file.
> >>>>>>
> >>>>>>MailScanner detects all the .bat and .bat.bak files in the zip files,
> >>>>>>sends a notice appropriately, and delivers the message with the
> >>>>>>attachment removed. All well and good. The problems are:
> >>>>>>
> >>>>>>1) not only the original .zip is quarantined, but so also are the
> >>>>>>individual .bat, .bat.bak and .zip files extracted from the original
> >>>>>>.zip (other files in the .zip with OK names are not). This is not a
> >>>>>>major issue, but makes looking in the quarantine difficult as one
> >>>>>>doesn't know what files were separately attached and what files were
> >>>>>>just in the .zip.
> >>>>>>
> >>>>>>2) The more serious issue is the original message body is also removed
> >>>>>>from the delivered message, and it is not stored anywhere.
> >>>>>>
> >>>>>So, is there some misconfiguration on my part that is causing the
> >>>>>loss of the message body, or is this and the redundant files in
> >>>>>quarantine the expected behavior?
> >>>>>
> >>>>>
> >>>>Number 2 is the one that interests me. Please can you send me a
> >>>>concrete example, preferably lifted straight out of a sendmail queue.
> >>>>
> >>>
> >>>
> >>>I use Postfix, not sendmail.
> >>>
> >>>Here's what I have:
> >>>
> >>>-The Postfix queue entry.
> >>>-The raw message received via bcc without passing through MailScanner
> >>>-The {Filename?} message delivered to the recipient after MailScanner
> >>>-The notice sent as a result of 'Send Notices = yes'
> >>>
> >>>Which of these would you like (and may I send it/them off list)?
> >>>
> >>All of the above please. Send them zipped up to
> >>mailscanner at ecs.soton.ac.uk.
> >
> >
> >The files were sent on July 3 as requested. Has there been anything
> >discovered or done about this?
> >
> >-- 
> >Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> >San Francisco Bay Area, California    better use your sense - B. Dylan
> >
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> 

-- 
Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

