multi-volume RAR archive problem

[Curu Wong]

I think this is indeed a better solution.

2011/1/26 Rick Cooper <rcooper at dwford.com>

>  If this is causing an issue the fix would be in the unpackrar function to
> test if the file is part of a multi-volume archive and not try and extract
> the file. But this is the same as allowing multipart emails, I wouldn't do
> it because there is no way to virus test a multipart attachment. Of course
> there could be a new config option to allow multi-volume rar (or
> maybe archives in general?) files that was rule based so you could allow a
> file name pattern from your own users and disallow from all else.
>
> Testing for the multi-volume is fast and pretty easy. Command line would be
> :
>     /path/unrar lv FileName
> Output would be either
>
> -------------------------------------------------------------------------------
>     1        185500442 52428702  28%       volume 1
>                      ^            ^                           ^        +--
> Volume Number
>                      |            |                           + -----------
> The Word Volume
>                      |            +----------------------------------------
> The size of this file
>                      +-----------------------------------------------------
> Total size of combined volume
> or
>
>
> -------------------------------------------------------------------------------
>     0                0 52428702   0%       volume 2
>
> The first number is 1 for the first part and zero for the others so if the
> file size is known a regex (with all white space truncated to one char, no
> leading or trailing)
>     /^\d+\s\d+\s$FileSize\s\d+\%\svolume\s+$/, the file size part is just
> insurance we don't hit the string somewhere in the listing but really I
> think just adding
> another \d+ would suffice
> If this regex hit (and could probably just change the $FileSize to another
> \d+) you would know it was part of a multi-volume set.
> To me this is an overly complicated change to accommodate a one off
> situation. Can you not just enter pass in one of the file rules sets?
>
> I am looking at the unrar code and as I thought the lv is already used to
> check for password protection so changing the relevant part to:
>
>   foreach $what (@test) {
>     #print STDERR "Processing \"$what\"\n";
>     # If we haven't hit any ------- lines at all, and we are prompted for
>     # a password, then the whole archive is password-protected.
>     unless ($BeginInfo || $EndInfo) {
>       if ($what =~ /^Encrypted file:/i && !$allowpasswords) {
>         MailScanner::Log::WarnLog("Password Protected RAR Found");
>         return "password";
>       }
>       if ($what =~ /^\s+\d+\s+\d+\s+\d+\s+\d+%\s+volume\s{0,}$/i) {
>         MailScanner::Log::WarnLog("Multi-Volume RAR Found");
>         return "multivolume";
>       }
>
>     }
> This would prevent MailScanner from attempting to unpack the file and if
> the return is multivolume MS could handle it according to a configured
> setting, or default to rejecting outright instead of trying until it hits
> maxfail and rejects it.
>
> Back to Julian
>
> Rick
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110127/9ac96cd7/attachment.html