This zip file passes the .exe banning why?

Thomas Jarosch thomas.jarosch at
Mon Apr 11 16:58:11 CEST 2016

Hi Alessandro,

On Monday, 11. April 2016 16:38:15 Alessandro Briosi wrote:
> This is what is detected:
> Apr 11 14:36:28 mail amavis[31751]: (31751-01) p003 1 Content-Type:
> multipart/mixed
> Apr 11 14:36:28 mail amavis[31751]: (31751-01) p001 1/1 Content-Type:
> text/plain, size: 564 B, name:
> Apr 11 14:36:28 mail amavis[31751]: (31751-01) p002 1/2 Content-Type:
> application/zip, size: 59784 B, name: documento_
> which seems pretty correct to me
> No white listing I can guess of.
> If I unzip the file and rezip it, then send an identical mail the file
> is blocked.

the problem here is that the .exe file is not unzipped correctly.
I could reproduce the problem locally.

We've received a similar sample virus six weeks ago and privately informed 
the perl Archive::Zip maintainer. He's currently looking into it.

I'll keep you posted once there's an update on this.


More information about the amavis-users mailing list