Message body lost when zip file quarantined
Mark Sapiro
mark at msapiro.net
Tue Aug 26 19:39:20 IST 2008
Julian Field wrote:
>Just as a note for the list archive. I cannot reproduce the problem, it
>works okay for me and does not throw away the message body.

Jules wrote to me off list, and it turns out he made a simplification
in my unduly complicated example which coincidently avoided the
problem. I have replied to Jules off list, but here's a summary of my
findings.

It turns out the problem can be triggered by a much simpler example.
Sorry for not analysing this more thoroughly before the original
report.

Here's how you can duplicate the problem:

1) create file.bat (or any forbidden name?)
2) zip file.bat into file.zip
3) place file.zip in otherwise empty directory x
4) zip directory x into x.zip

Now x.zip is a zip containing directory x which in turn contains
file.zip which is a zip of a file with a forbidden name.

Attach this file to a plain text message and send it through
MailScanner, and the plain text part will be lost.

>Mark Sapiro wrote:
>> On Sun, Aug 24, 2008 at 04:44:01PM +0100, Julian Field wrote:
>>
>>> You shouldn't have left it that long! :-)
>>> Send them to me again, and I'll try to look at them this time. Sorry :-)
>>>
>>> --
>>> Jules
>>>
>>
>>
>> OK. I've resent them. Thanks.
>>
>> /Mark
>>
>>
>>
>>> On 23 Aug 2008, at 19:46, Mark Sapiro <mark at msapiro.net> wrote:
>>>
>>>
>>>> On July 3, 2008, Julian Field wrote:
>>>>
>>>>> Mark Sapiro wrote:
>>>>>
>>>>>> Julian Field wrote:
>>>>>>
>>>>>>
>>>>>>> Mark Sapiro wrote:
>>>>>>>
>>>>>>>
>>>>>>>>> MailScanner is scanning a message with an attached .zip archive
>>>>>>>>> which
>>>>>>>>> contains a number of .bat and .bat.bak files, other files and
>>>>>>>>> even
>>>>>>>>> another zip archive which contains a single .bat file.
>>>>>>>>>
>>>>>>>>> Mailscanner detects all the .bat and .bat.bak files in the zip
>>>>>>>>> files,
>>>>>>>>> sends a notice appropriately, and delivers the message with the
>>>>>>>>> attachment removed. All well and good. The problems are:
>>>>>>>>>
>>>>>>>>> 1) not only the original .zip is quarantined, but so also are the
>>>>>>>>> individual .bat, .bat.bak and .zip files extracted from the
>>>>>>>>> original
>>>>>>>>> .zip (other files in the .zip with OK names are not). This is
>>>>>>>>> not a
>>>>>>>>> major issue, but makes looking in the quarantine difficult as one
>>>>>>>>> doesn't know what files were separately attached and what files
>>>>>>>>> were
>>>>>>>>> just in the .zip.
>>>>>>>>>
>>>>>>>>> 2) The more serious issue is the original message body is also
>>>>>>>>> removed from the delivered message, and it is not stored anywhere.
>>>>>>>>
>>>>>>>> So, is there some misconfiguration on my part that is causing the
>>>>>>>> loss of the message body, or is this and the redundant files in
>>>>>>>> quarantine the expected behavior?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Number 2 is the one that interests me. Please can you send me a
>>>>>>> concrete example, preferably lifted straight out of a sendmail
>>>>>>> queue.
>>>>>>>
>>>>>>>
>>>>>> I use Postfix, not sendmail.
>>>>>>
>>>>>> Here's what I have:
>>>>>>
>>>>>> -The Postfix queue entry.
>>>>>> -The raw message received via bcc without passing through
>>>>>> MailScanner
>>>>>> -The {Filename?} message delivered to the recipient after
>>>>>> MailScanner
>>>>>> -The notice sent as a result of 'Send Notices = yes'
>>>>>>
>>>>>> Which of these would you like (and may I send it/them off list)?
>>>>>>
>>>>>>
>>>>> All of the above please. Send them zipped up to
>>>>> mailscanner at ecs.soton.ac.uk.
>>>>>
>>>> The files were sent on July 3 as requested. Has there been anything
>>>> discovered or done about this?
>>>>
>>>> --
>>>> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
>>>> San Francisco Bay Area, California better use your sense - B. Dylan
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>>
>>>
>>
>>
>
>Jules
>
>--
>Julian Field MEng CITP CEng
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>Need help customising MailScanner?
>Contact me!
>Need help fixing or optimising your systems?
>Contact me!
>Need help getting you started solving new requirements from your boss?
>Contact me!
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
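
The reproduction in steps 1-4 above, built in memory as a regression fixture together with a check that a delivered message still has its plain text part. This is an added example, not part of the original post or of MailScanner; the addresses, body text and helper names are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BODY = "Plain text body that must survive scanning.\n"  # constructed sample

def zip_bytes(members):
    """Return a zip archive (bytes) holding {archive_path: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_x_zip():
    """Steps 1-4: file.bat -> file.zip -> directory x -> x.zip."""
    inner = zip_bytes({"file.bat": b"rem harmless placeholder\r\n"})
    return zip_bytes({"x/": b"", "x/file.zip": inner})

def build_message(attachment):
    """Plain text message with x.zip attached (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "nested zip test"
    msg.set_content(BODY)
    msg.add_attachment(attachment, maintype="application",
                       subtype="zip", filename="x.zip")
    return msg.as_bytes()

def nested_names(data, prefix=""):
    """List every member path, descending into zips found inside zips."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            found.append(path)
            if info.filename.lower().endswith(".zip"):
                found += nested_names(zf.read(info), path + "!")
    return found

def body_survived(raw):
    """True if the delivered message still carries the text/plain body."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    return part is not None and BODY.strip() in part.get_content()
```

Send the output of `build_message(build_x_zip())` through a test MailScanner instance and run `body_survived` on what is delivered; `nested_names` shows that the forbidden name sits two archive levels down.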