new malware bypass MailScanner filename rules !

ezwww info at ezwww.ch
Wed Mar 30 15:12:25 UTC 2016


> On 3/30/16 2:27 AM, ezwww wrote:
>>
>> It's a problem with the MIME header, a malformed body, that allowed it to pass
>> MailScanner?
>>
>
>>
>> --Apple-Mail=_31ABD19B-909E-3C06-CDC8-B14649A4772C
>> Content-Disposition: inline; filename="xxxxx_document_003F11.zip"
>> Content-Type: application/x-rar-compressed; x-unix-mode=0600;
>> name="xxxxx_document_003F11.zip"
>> Content-Transfer-Encoding: base64
>
>
> As mentioned in another reply, this is a RAR compressed file, not a true
> ZIP. Do you have unrar installed and, e.g.
>
> Unrar Command = /usr/bin/unrar
>
> pointing to it in your MailScanner config?
>
>

Result of the Linux unrar extraction command:

 > /usr/bin/unrar x 04EBD_xxxx.xxxx_A546BB.zip

Extracting from 04EBD_xxxx.xxxx_A546BB.zip

Extracting  a0f10f.js                                                 OK
Extracting  K                                                         OK
All OK
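
The mismatch discussed in this thread (a `.zip` filename on an attachment whose content is RAR) can be checked by comparing the filename extension with the leading magic bytes of the decoded part. The following is an added example, not part of the original posts and not MailScanner code; the function names and the sample message are constructed for illustration.

```python
import base64
from email import message_from_string

# Leading magic bytes of the two archive formats relevant to this thread.
MAGIC = {
    "rar": b"Rar!\x1a\x07",  # common prefix of the RAR 4.x and RAR 5 signatures
    "zip": b"PK\x03\x04",
}

def sniff_archive_type(data):
    """Return 'rar' or 'zip' based on the leading bytes, or None if neither."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def find_mismatched_attachments(raw_message):
    """Return (filename, extension, sniffed_type) where the two disagree."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if not name or part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64 transfer encoding
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        actual = sniff_archive_type(payload)
        if actual is not None and actual != ext:
            findings.append((name, ext, actual))
    return findings

# Constructed sample: a RAR signature followed by padding, attached as ".zip".
_RAR_STUB = b"Rar!\x1a\x07\x00" + b"\x00" * 16
SAMPLE = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    'Content-Disposition: inline; filename="sample_document.zip"\n'
    'Content-Type: application/x-rar-compressed; name="sample_document.zip"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    + base64.b64encode(_RAR_STUB).decode("ascii") + "\n"
    "--b1--\n"
)

if __name__ == "__main__":
    for name, ext, actual in find_mismatched_attachments(SAMPLE):
        print(f"{name}: extension .{ext} but content is {actual}")
```
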

