No filetype checks on RAR-archives
Volker Dose
vpdose at kirchenweg.de
Tue Apr 14 15:19:27 UTC 2015
Hi Mailing-List,
I have set up a new MS installation and do not manage to get filetype/filename
checks working inside of rar-archives.
I am using MS with postfix and ClamAV as virus scanner. I have added the
SaneSecurity files for ClamAV also.
The filetype checks are working fine on 7z-archives and zip-archives are also
searched for unwanted filetypes. Even Excel files are unpacked and checked. I
understand that ClamAV is not able to check RAR-archives anymore, right?
These are the relevant settings (I hope ;-)
Maximum Archive Depth = 8
Find Archives By Content = yes
Unpack Microsoft Documents = no
Archives Are = zip rar
Archives: Deny Filenames = \.com$ \.exe$ \.cpl$ \.pif$
Archives: Deny Filetypes = executable
These are my settings:
[root@mailscanner MailScanner]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@mailscanner MailScanner]# rpm -q postfix
postfix-2.6.6-6.el6_5.i686
[root@mailscanner MailScanner]# MailScanner --lint
Trying to setlogsock(unix)
Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1084 hostnames from the phishing whitelist
Read 11741 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 250 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist
Read 499 whitelist entries
Checking version numbers...
Version number in MailScanner.conf (4.84.6) is correct.
Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to (89)
MailScanner setting UID to (89)
Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
bayes: cannot open bayes databases /var/spool/MailScanner/bayes/bayes_* R/O: tie
failed: Permission denied
bayes: cannot open bayes databases /var/spool/MailScanner/bayes/bayes_* R/O: tie
failed: Permission denied
pyzor: check failed: internal error, python traceback seen in response
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 6 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = f-prot-6 clamd"
Found these virus scanners installed: clamavmodule, f-prot-6, sophossavi,
mcafee6, clamd
===========================================================================
Filename Checks: Windows/DOSExecutable (1 eicar.com)
Completed checking by /usr/local/bin/file_wrapper at
/usr/lib/MailScanner/MailScanner/SweepOther.pm line 488
Completed checking by /usr/local/bin/file_wrapper -i at
/usr/lib/MailScanner/MailScanner/SweepOther.pm line 570
Filetype Checks: Allowing 1 eicar.com : identified as ASCII text
Filetype Mime Checks: Allowing 1 eicar.com (no match found)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Scanning: /
[Found virus] <EICAR_Test_File (exact)> ./1/eicar.com at
/usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2530
Virus Scanning: F-Prot6 found 1 infections
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 3 viruses
===========================================================================
Virus Scanner test reports:
F-Prot6 said "[Found virus] <EICAR_Test_File (exact)> ./1/eicar.com"
Clamd said "eicar.com was infected: Eicar-Test-Signature"
If any of your virus scanners (clamavmodule,f-prot-6,sophossavi,mcafee6,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
Closing down by-domain spam blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
Closing down by-domain spam whitelist
[root@mailscanner MailScanner]
Best regards
Volker