.gz Archives are _not_ analyzed correctly
Heino Backhaus
heino.backhaus at fink-computer.de
Tue Jun 2 14:55:36 UTC 2015
It's not an GnuZip it's a RAR-Archive.
This should bring some light on it:
root at mailscanner2014:~/test# unrar l DP386592711.gz
UNRAR 5.00 beta 8 freeware Copyright (c) 1993-2013 Alexander Roshal
Archive: DP386592711.gz
Details: RAR 4
Attributes Size Date Time Name
----------- --------- -------- ----- ----
..A.... 675840 02-06-15 06:39 RFQ - DP386592711.exe
----------- --------- -------- ----- ----
675840 1
But shouldn't Mailscanner detect that it is a RAR-Archive and check the
content anyway?
Ok, i think it's the best to block RAR Archives until i get some more
help or knowledge.
Thanks
-Heino
Am 02.06.2015 um 13:45 schrieb Heino Backhaus:
> Hello List,
>
> so now after a lot of testing i can say that in my installation attached
> .gz - Archives are not analyzed as i expect/want them to be...
> Executables in .gz - Files will not be blocked. They are handled
> different than in .zip - Files and I don't have a clue.
> Is there anyone who can tell me what to do to block executeables in .gz
> - Files ? Or where to look ?
>
>
> Thanks
> -Heino
>
>
>
> Am 02.06.2015 um 12:11 schrieb Heino Backhaus:
>> Hello List,
>>
>> again i need some help.
>>
>> Actualy we receive brand new Windows Viruses in .gz files. MS is
>> configured to block executables in Archives but they're going through.
>>
>> Does anybode has a fast hint wich parameters i should double-check.
>>
>> My Mailscanner Version is: 4.84.6-1
>>
>>
>> Cheers
>> -Heino
>>
>>
>
>
More information about the MailScanner
mailing list