Decoding of RAR archive failed, leaving it unpacked

Carsten postfixer99 at gmail.com
Thu May 12 10:45:55 CEST 2016


Hello,

yesterday, some malware came in as ".vbe" inside .rar inside .zip.

Amavis couldn't recognize ".vbe" as banned, because unrar could not look 
inside the archive:

May 11 13:36:39 mscanner amavis[9266]: (09266-17) (!)Decoding of p005 
(RAR archive data, v3,) failed, leaving it unpacked: do_unrar: 
/var/lib/amavis/tmp/amavis-20160511T131027-09266-396cGoei/parts/p005 is 
not RAR archive at (eval 117) line 890.

I am using:
$unrar      = ['rar', 'unrar'];

Is it possible to set an option in amavis to block mails, if the 
attachments can not be sucessfully unpacked ?

Carsten


More information about the amavis-users mailing list