.gz Archives are _not_ analyzed correctly

Heino Backhaus heino.backhaus at fink-computer.de
Tue Jun 2 14:55:36 UTC 2015


It's not a GnuZip, it's a RAR archive.


This should bring some light on it:

root@mailscanner2014:~/test# unrar l DP386592711.gz

UNRAR 5.00 beta 8 freeware      Copyright (c) 1993-2013 Alexander Roshal

Archive: DP386592711.gz
Details: RAR 4

  Attributes      Size    Date   Time   Name
----------- ---------  -------- -----  ----
     ..A....    675840  02-06-15 06:39  RFQ - DP386592711.exe
----------- ---------  -------- -----  ----
                675840                  1

But shouldn't MailScanner detect that it is a RAR archive and check the
content anyway?

OK, I think it's best to block RAR archives until I get some more
help or knowledge.


Thanks
-Heino

On 02.06.2015 at 13:45, Heino Backhaus wrote:
> Hello List,
>
> so now after a lot of testing I can say that in my installation attached
> .gz archives are not analyzed as I expect/want them to be...
> Executables in .gz files will not be blocked. They are handled
> differently than in .zip files and I don't have a clue.
> Is there anyone who can tell me what to do to block executables in .gz
> files? Or where to look?
>
>
> Thanks
>   -Heino
>
>
>
> On 02.06.2015 at 12:11, Heino Backhaus wrote:
>> Hello List,
>>
>> again I need some help.
>>
>> Actually we receive brand new Windows viruses in .gz files. MS is
>> configured to block executables in archives but they're going through.
>>
>> Does anybody have a fast hint which parameters I should double-check?
>>
>> My MailScanner version is: 4.84.6-1
>>
>>
>> Cheers
>> -Heino
>>
>>
>
>
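
The mismatch shown in the unrar listing above (a RAR 4 archive carrying a .gz name) can be caught by comparing the format an attachment's extension claims with its leading magic bytes. This is an added example, not part of the original post and not MailScanner code; the function names and the sample bytes are constructed for illustration.

```python
import gzip
import os

# Leading magic bytes of common archive/compression containers.
SIGNATURES = [
    (b"Rar!\x1a\x07\x01\x00", "rar"),  # RAR 5
    (b"Rar!\x1a\x07\x00", "rar"),      # RAR 1.5 to 4.x ("Details: RAR 4")
    (b"\x1f\x8b", "gzip"),
    (b"PK\x03\x04", "zip"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"\xfd7zXZ\x00", "xz"),
    (b"BZh", "bzip2"),
]

# Format each extension claims to be.
CLAIMED = {".gz": "gzip", ".tgz": "gzip", ".zip": "zip", ".rar": "rar",
           ".7z": "7z", ".xz": "xz", ".bz2": "bzip2"}


def sniff(data):
    """Return the container type indicated by the magic bytes, or None."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return None


def check_attachment(filename, data):
    """Compare the claimed type (extension) with the sniffed type (content)."""
    ext = os.path.splitext(filename.lower())[1]
    claimed = CLAIMED.get(ext)
    actual = sniff(data)
    # A mismatch means extension-based handling would pick the wrong unpacker.
    mismatch = claimed is not None and actual != claimed
    return {"filename": filename, "claimed": claimed,
            "actual": actual, "mismatch": mismatch}


# Constructed samples: a RAR 4 signature under a .gz name, and a real gzip stream.
FAKE_GZ = b"Rar!\x1a\x07\x00" + b"\x00" * 32
REAL_GZ = gzip.compress(b"hello")

if __name__ == "__main__":
    for name, blob in (("DP386592711.gz", FAKE_GZ), ("notes.gz", REAL_GZ)):
        print(check_attachment(name, blob))
```

Attachments flagged with `mismatch` can be routed to the unpacker for the sniffed type or quarantined, rather than handled according to their name.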

