Partially password protected archive Passed CLEAN
Ralf Hildebrandt via amavis-users
amavis-users at amavis.org
Tue Sep 10 11:09:25 CEST 2013
I modified a 42.zip to contain some password protected components.
This archive is "Passed CLEAN" instead of falling in the UNCHECKED
category. Note that 7-zip is being used to unpack the ZIP files.
The logs:
Sep 10 10:53:03 mail amavis[9319]: (09319-09) ESMTP::10025 /var/amavis/amavis-20130910T105000-09319-V27h_cGX: <sender at example.com> -> <recipient at example.com> SIZE=59586 RET=HDRS Received: from mail.charite.de ([127.0.0.1]) by localhost (mail.charite.de [127.0.0.1]) (amavisd-new, port 10025) with ESMTP for <recipient at example.com>; Tue, 10 Sep 2013 10:53:03 +0200 (CEST)
Sep 10 10:53:03 mail amavis[9319]: (09319-09) dkim: VALID Author+Sender+MailFrom signature by d=sys4.de, From: <sender at example.com>, a=rsa-sha256, c=relaxed/simple, s=mail201205, i=@example.com
Sep 10 10:53:03 mail amavis[9319]: (09319-09) Checking: ICDGt5otIlHh [194.126.158.139] <sender at example.com> -> <recipient at example.com>
Sep 10 10:53:03 mail amavis[9319]: (09319-09) p003 1 Content-Type: multipart/mixed
Sep 10 10:53:03 mail amavis[9319]: (09319-09) p001 1/1 Content-Type: text/plain, size: 6 B, name:
Sep 10 10:53:03 mail amavis[9319]: (09319-09) p002 1/2 Content-Type: application/zip, size: 42838 B, name: Test42Test.zip
Sep 10 10:53:03 mail amavis[9319]: (09319-09) (!!)collect_results from [12001] (/usr/bin/7za): exit 2 \n7-Zip (A) [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18\np7zip Version 9.20 (locale=C,Utf16=off,HugeFiles=on,4 CPUs)\n\nProcessing archive: /var/amavis/amavis-20130910T105000-09319-V27h_cGX/parts/p002\n\nExtracting lib 0.zip\nEnter password (will not be echoed) : Data Error in encrypted file. Wrong password?\nExtracting lib 1.zip Data Error in encrypted file. Wrong password?\nExtracting lib 2.zip Data Error in encrypted file. Wrong password?\nExtracting lib 3.zip Data Error in encrypted file. Wrong password?\nExtracting lib 4.zip Data Error in encrypted file. Wrong password?\nExtracting lib 5.zip Data Error in encrypted file. Wrong password?\nExtracting lib 6.zip Data Error in encrypted file. Wrong password?\nExtracting lib 7.zip Data Error in encrypted file. Wrong password?\nExtracting lib 8.zip Data Error in encrypted file
. Wrong passwo...
Sep 10 10:53:03 mail amavis[9319]: (09319-09) (!!)...rd?\nExtracting lib 9.zip Data Error in encrypted file. Wrong password?\nExtracting lib a.zip Data Error in encrypted file. Wrong password?\nExtracting lib b.zip Data Error in encrypted file. Wrong password?\nExtracting lib c.zip Data Error in encrypted file. Wrong password?\nExtracting lib d.zip Data Error in encrypted file. Wrong password?\nExtracting lib e.zip Data Error in encrypted file. Wrong password?\nExtracting lib f.zip Data Error in encrypted file. Wrong password?\n\nSub items Errors: 16\n\n
Sep 10 10:53:08 mail amavis[9319]: (09319-09) FWD from <sender at example.com> -> <recipient at example.com>,RET=HDRS BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3cZ0Pw04nlzCr1W
Sep 10 10:53:08 mail amavis[9319]: (09319-09) Passed CLEAN {RelayedInbound}, [10.0.0.1]:44393 [10.0.0.1] <sender at example.com> -> <recipient at example.com>, Message-ID: <20130910084507.GC8512 at example.com>, mail_id: ICDGt5otIlHh, Hits: -4.144, size: 60340, queued_as: 3cZ0Pw04nlzCr1W, dkim_sd=mail201205:sys4.de, 4557 ms
Sep 10 10:53:08 mail amavis[9319]: (09319-09) OS_fingerprint: 10.0.0.1 -4.144 ham.UNKNOWN - UNKNOWN [S10:52:1:60:M1460,S,T,N,W0:.:?:?] [priority1] (up: 354 hrs), (link: ethernet/modem)
Sep 10 10:53:08 mail amavis[9319]: (09319-09) TIMING-SA [total 4318 ms, cpu 436 ms] - parse: 4 (0.1%), extract_message_metadata: 12 (0.3%), get_uri_detail_list: 0.54 (0.0%), tests_pri_-1000: 6 (0.1%), tests_pri_-950: 1.10 (0.0%), tests_pri_-900: 1.15 (0.0%), tests_pri_-400: 2615 (60.6%), check_bayes: 2606 (60.4%), b_tokenize: 3 (0.1%), b_tok_get_all: 1.83 (0.0%), b_comp_prob: 1.73 (0.0%), b_tok_touch_all: 0.08 (0.0%), b_finish: 2327 (53.9%), tests_pri_0: 1627 (37.7%), check_spf: 127 (2.9%), poll_dns_idle: 113 (2.6%), check_dcc: 1453 (33.7%), tests_pri_500: 6 (0.1%), tests_pri_1000: 18 (0.4%), total_awl: 16 (0.4%), check_awl: 0.16 (0.0%), update_awl: 0.07 (0.0%), learn: 8 (0.2%), get_report: 1.16 (0.0%)
Sep 10 10:53:08 mail amavis[9319]: (09319-09) size: 60340, TIMING [total 4562 ms, cpu 580 ms, AM-cpu 144 ms, SA-cpu 436 ms] - SMTP greeting: 2 (0%)0, SMTP EHLO: 0 (0%)0, SMTP pre-MAIL: 0 (0%)0, SMTP pre-DATA-flush: 2 (0%)0, SMTP DATA: 1 (0%)0, check_init: 0 (0%)0, digest_hdr: 2 (0%)0, digest_body_dkim: 7 (0%)0, mime_decode: 14 (0%)1, get-file-type2: 18 (0%)1, ren0-unl16-files16: 77 (2%)3, decompose_part: 0 (0%)3, get-file-type0: 0 (0%)3, parts_decode: 0 (0%)3, check_header: 0 (0%)3, AV-scan-1: 57 (1%)4, spam-wb-list: 1 (0%)4, SA msg read: 1 (0%)4, SA parse: 5 (0%)4, SA check: 4306 (94%)99, decide_mail_destiny: 9 (0%)99, notif-quar: 0 (0%)99, fwd-connect: 4 (0%)99, fwd-xforward: 0 (0%)99, fwd-mail-pip: 1 (0%)99, fwd-rcpt-pip: 0 (0%)99, fwd-data-chkpnt: 0 (0%)99, write-header: 1 (0%)99, fwd-data-contents: 1 (0%)99, fwd-end-chkpnt: 42 (1%)100, prepare-dsn: 1 (0%)100, main_log_entry: 5 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 0 (0%)100, unlink-2-files
: 0 (0%)100, r...
Sep 10 10:53:08 mail amavis[9319]: (09319-09) ...undown: 1 (0%)100
Sep 10 10:53:08 mail amavis[9319]: (09319-09) size: 60340, RUSAGE minflt=10074+3749, majflt=0+0, nswap=0+0, inblock=0+0, oublock=21352+0, msgsnd=0+0, msgrcv=0+0, nsignals=0+0, nvcsw=81+3, nivcsw=37+5, maxrss=131420+128696, ixrss=0+0, idrss=0+0, isrss=0+0, utime=0.432+0.036, stime=0.088+0.024
Sep 10 10:53:08 mail amavis[9319]: (09319-09) extra modules loaded: unicore/lib/Hex/Y.pl
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
recipient at example.com Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
More information about the amavis-users
mailing list