This zip file passes the .exe banning why?
Thomas Jarosch
thomas.jarosch at intra2net.com
Mon Apr 11 16:58:11 CEST 2016
Hi Alessandro,
On Monday, 11. April 2016 16:38:15 Alessandro Briosi wrote:
> This is what is detected:
> Apr 11 14:36:28 mail amavis[31751]: (31751-01) p003 1 Content-Type:
> multipart/mixed
> Apr 11 14:36:28 mail amavis[31751]: (31751-01) p001 1/1 Content-Type:
> text/plain, size: 564 B, name:
> Apr 11 14:36:28 mail amavis[31751]: (31751-01) p002 1/2 Content-Type:
> application/zip, size: 59784 B, name: documento_
> fatturaaccompagnatoria_.pdf.zip
>
> which seems pretty correct to me
>
> No white listing I can guess of.
> If I unzip the file and rezip it, then send an identical mail the file
> is blocked.
the problem here is that the .exe file is not unzipped correctly.
I could reproduce the problem locally.
We've received a similar sample virus six weeks ago and privately informed
the perl Archive::Zip maintainer. He's currently looking into it.
I'll keep you posted once there's an update on this.
Cheers,
Thomas
More information about the amavis-users
mailing list