Message body lost when zip file quarantined

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jul 3 22:43:14 IST 2008 


Mark Sapiro wrote:
> Julian Field wrote:>
>   
>> Mark Sapiro wrote:
>>     
>>>> MailScanner is scanning a message with an attached .zip archive which
>>>> contains a number of .bat and .bat.bak files, other files and even
>>>> another zip archive which contains a single .bat file.
>>>>
>>>> Mailscanner detects all the .bat and .bat.bak files in the zip files,
>>>> sends a notice appropriately, and delivers the message with the
>>>> attachment removed. All well and good. The problems are:
>>>>
>>>> 1) not only the original .zip is quarantined, but so also are the
>>>> individual .bat, .bat.bak and .zip files extracted from the original
>>>> .zip (other files in the .zip with OK names are not). This is not a
>>>> major issue, but makes looking in the quarantine difficult as one
>>>> doesn't know what files were separately attached and what files were
>>>> just in the .zip.
>>>>
>>>> 2) The more serious issue is the original message body is also removed
>>>> from the delivered message, and it is not stored anywhere.
>>>>         
>>> So, is there some misconfiguration on my part that is causing the loss 
>>> of the message body, or is this and the redundant files in quarantine 
>>> the expected behavior?
>>>
>>>       
>> Number 2 is the one that interests me. Please can you send me a concrete 
>> example, preferably lifted straight out of a sendmail queue.
>>     
>
>
> I use Postfix, not sendmail.
>
> Here's what I have:
>
> -The Postfix queue entry.
> -The raw message received via bcc without passing through MailScanner
> -The {Filename?} message delivered to the recipient after MailScanner
> -The notice sent as a result of 'Send Notices = yes'
>
> Which of these would you like (and may I send it/them off list)?
>   
All of the above please. Send them zipped up to mailscanner at ecs.soton.ac.uk.

Thanks!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list