Encrypted RAR not recognized as such...
Ralf Hildebrandt via amavis-users
amavis-users at amavis.org
Thu Aug 29 16:41:13 CEST 2013
On one system with amavis I'm encountering an issue with encrypted RAR
files - they are "Passed CLEAN" on a system with "unrar-free" from
Debian (http://packages.debian.org/wheezy/unrar-free) :
Aug 29 16:32:55 scanner amavis[6725]: Found decoder for .rar at /usr/bin/unrar-free
...
Aug 29 16:10:45 scanner amavis[23731]: (23731-01) Passed CLEAN, [IP] [IP], filename: (), mail_id: , Message-ID: <822.1377784982 at HOSTNAME>, Hits: -, size: 929, queued_as: 5558663, scan_time: 110 ms, <ralf.hildebrandt at charite.de> -> <empfaenger at 1.example.com>
While on mail.charite.de with amavisd-new-2.8.1 (using "rar" from
Ubuntu) I'm getting "Passed UNCHECKED", as expected:
Aug 29 16:25:39 mail amavis[16749]: Found decoder for .rar at /usr/bin/rar
...
Aug 29 15:57:39 mail amavis[26959]: (26959-05) Checking: 5iuKFtoOi-87 [209.85.212.169] <ralf.hildebrandt at gmail.com> -> <ralf.hildebrandt at charite.de>
Aug 29 15:57:39 mail amavis[26959]: (26959-05) p003 1 Content-Type: multipart/mixed
Aug 29 15:57:39 mail amavis[26959]: (26959-05) p001 1/1 Content-Type: text/plain, size: 6 B, name:
Aug 29 15:57:39 mail amavis[26959]: (26959-05) p002 1/2 Content-Type: application/rar, size: 91 B, name: test.rar
Aug 29 15:57:39 mail amavis[26959]: (26959-05) do_unrar: p002, 1 members are encrypted, none extracted, archive retained
Aug 29 15:57:45 mail amavis[26959]: (26959-05) FWD from <ralf.hildebrandt at gmail.com> -> <ralf.hildebrandt at charite.de>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3cQlkx0shTzCrFw
Aug 29 15:57:45 mail amavis[26959]: (26959-05) Passed UNCHECKED {RelayedInbound}, [209.85.212.169]:43540 [209.85.212.169] <ralf.hildebrandt at gmail.com> -> <ralf.hildebrandt at charite.de>, Message-ID: <CAN3ODnhsSrGDnPtSMRQeJGaUsyy1VXmm5r2eN7Mr28V-HHqjqQ at mail.gmail.com>, mail_id: 5iuKFtoOi-87, Hits: -2.775, size: 2068, queued_as: 3cQlkx0shTzCrFw, dkim_sd=20120113:gmail.com, 5369 ms
Deinstalling "rar" in favour of "unrar-free" gives me the same "Passed
CLEAN" behaviour on mail.charite.de
Bug in unrar-free? Bug in amavis (maybe unrar-free is called in a
non-appropriate way?)
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebrandt at charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
More information about the amavis-users
mailing list