Potential issue with docx format and Clam

Jeff A. Earickson jaearick at colby.edu
Mon Apr 20 14:25:31 IST 2009


I do run clamd, so maybe this entry in MailScanner.conf has nothing to do
with my problem.  Time to look at my clamd.conf file...  Thanks for the
whack on the head.

As for Oracle buying Sun, NOOOOO....  Say it ain't so.  We use a 
calendaring software originally put out by Steltor in Canada.  Oracle
bought them out and turned it into Oracle Calendar.  It is the exact
same product under the covers, but Oracle buried it under tons of code
gook that makes it impossible to patch or reinstall.  They took a 100
MB install and bloated it to 4+ GB.  And their support structure is the
most opaque and unfriendly of any tech company that I have ever dealt
with.  I can't imagine what they will do to Solaris.

Jeff Earickson
Colby College

On Mon, 20 Apr 2009, Martin Hepworth wrote:

> Date: Mon, 20 Apr 2009 13:47:23 +0100
> From: Martin Hepworth <maxsec at gmail.com>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: Potential issue with docx format and Clam
> Jeff
> what happens if you use Clamd rather than the module so you can update
> quicker (no reliance on module maintainers releasing a new version) and MS
> children are smaller and startup faster?
> -- 
> Martin Hepworth
> Oxford, UK
> 2009/4/20 Jeff A. Earickson <jaearick at colby.edu>
>> Julian,
>> I'm forwarding along a note from our support desk people, who seem to
>> have uncovered an issue with Office 2007/2008 docx file formats and
>> the ClamAV recursion level.  In my case, I am running MS 4.75.9-2 with
>> ClamAVmodule Maximum Recursion Level = 8
>> Adam's detective work below suggests that this setting may be too low
>> for Office 2007/2008 docx attachments.  Anybody else seen this?
>> (Time for me to upgrade to the latest stable version, or the latest beta).
>> Jeff Earickson
>> Colby College
>> ---------- Forwarded message ----------
>> I did some experimenting with this situation [rejections of email with
>> "Report: MailScanner: Message contained archive nested too deeply" messages]
>> and here is what I found:
>> - As you may or may not know the new Office 2007/2008 file format is really
>> just a renamed .zip file containing other files and folders that make up
>> the document.
>> - If you insert an object into a .docx that is, for instance, a PowerPoint
>> slide it is inserted as a .pptx (again, just a .zip with a different
>> extension).
>> - If that slide contains an inserted Excel table, it is inserted as a .xlsx
>> (.zip).
>> - So if you add all those up you have the original .docx, which contains a
>> folder called "embedded", in that folder is a .pptx file, inside that is a
>> folder called "embedded", in that folder is a .xlsx file, inside that is a
>> series of files and folders.  So all that added up is 7 layers.
>> I was able to duplicate Todd's error with my own .docx, .pptx and .xlsx, but
>> I noticed that it had to be all three.  If I tried to email a .docx with
>> just a PowerPoint slide embedded it went fine.  And if I tried to email a
>> .pptx with an embedded Excel Table that went fine too.  So it seems as
>> though we may need to adjust some settings on MailScanner to allow for this
>> type of file to pass because as we convert more and more people to Office
>> 2007/2008 we are going to be more likely to run into these types of
>> situations.
>> ------------
>> Adam Nielsen
>> Faculty and Staff Support Center
>> x4222

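The nesting described in the forwarded note can be measured before choosing a recursion limit. The following is an added example, not part of the original thread and not MailScanner or ClamAV code. The function names, the two size and depth ceilings, and the sample file layout (including the "embedded" folder name taken from the note) are assumptions.

```python
import io
import zipfile

HARD_CAP = 16                  # assumed ceiling: stop descending regardless of input
MAX_MEMBER = 50 * 1024 * 1024  # assumed per-member size limit before reading into memory

def make_zip(members):
    """Build an in-memory zip from {path: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in members.items():
            zf.writestr(path, data)
    return buf.getvalue()

def nesting(data, level=1):
    """Return (containers, layers) for zip-based data.

    containers counts zip-in-zip levels only; layers also counts each folder
    and the innermost file, which is how the forwarded note arrives at 7.
    """
    if level > HARD_CAP:
        raise ValueError("nesting deeper than HARD_CAP, refusing to descend")
    containers, layers = 1, 1
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            folders = info.filename.count("/")
            if info.file_size > MAX_MEMBER:
                raise ValueError("member too large to inspect: " + info.filename)
            payload = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(payload)):
                c, l = nesting(payload, level + 1)
                containers = max(containers, 1 + c)
                layers = max(layers, 1 + folders + l)
            else:
                layers = max(layers, 1 + folders + 1)
    return containers, layers

def sample_docx(with_xlsx=True):
    """Constructed sample: .docx -> embedded/.pptx -> embedded/.xlsx, as in the note."""
    pptx = {"ppt/slide1.xml": b"<slide/>"}
    if with_xlsx:
        pptx["embedded/table.xlsx"] = make_zip({"xl/sheet1.xml": b"<sheet/>"})
    return make_zip({"word/document.xml": b"<doc/>",
                     "embedded/slide.pptx": make_zip(pptx)})

if __name__ == "__main__":
    print("docx+pptx+xlsx:", nesting(sample_docx()))
    print("docx+pptx only:", nesting(sample_docx(with_xlsx=False)))
```

A scanner's own depth counting may differ from either number, so treat them as relative measures when comparing test attachments against a configured limit.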