exe not banned in zip file

William Bernard - Hanlees Dealership Group william.bernard at hanlees.net
Tue Jun 9 00:33:55 CEST 2015



Sorry for the duplicate thread, the a nswer was found in a previous thread here.. 


http://lists.amavis.org/pipermail/amavis-users/2015-May/003636.html 







Regards 


----- Original Message -----

From: "William Bernard - Hanlees Dealership Group" <william.bernard at hanlees.net> 
To: amavis-users at amavis.org 
Sent: Monday, June 8, 2015 2:10:22 PM 
Subject: exe not banned in zip file 



Hello, 


I recently came across a zip file attachment containing a malware exe that is not being banned by amavis. 
The amavis configuration allows for zip but not exe files. 


If amavis is configured to ban zip files, amavis does recognize the file as zip and bans it. 


If the exe is unzipped first then sent, amavis does recognize the file as exe and bans it. 


I checked and amavis is using the internal decoder for .zip files, which is able to manually unarchive the file. 
I also tried to set the decoder to use 7z for zip, but the exe was still not banned. 


Oddly, the maillog shows no warnings or errors. All other zip files containging exe's are properly banned. 


This is using amavisd-new-2.6.6 running on Ubuntu 10.04.4 LTS x64. 


The malware contained in the zip is dyreza, more info about the file can be found here. 


https://www.virustotal.com/en/file/d60e70b89a9c8179bb7486d8a447d3100cfcff598746eaf9bffa15589e5eb9e8/analysis/ 







Regards 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20150608/7fe3367d/attachment.html>


More information about the amavis-users mailing list