Can't Block .js files inside of .zip Email Attachments

[Kirchner, Patrick]

Thanks Mickaël.  If a .zip file is corrupt though, would it also be un-zip-able?  And would therefore not pose a threat?

Could you share the unzip/Unpackers line with us that you use in your amavisd.conf file please?

Thanks,
Patrick.

From: Mickaël Maillot [mailto:mickael.maillot at gmail.com]
Sent: Friday, May 13, 2016 5:17 AM
To: Maurizio Marini <maumar at datalogica.com>
Cc: Kirchner, Patrick <KirchnerPA at lakeland.edu>; amavis-users at amavis.org
Subject: Re: Can't Block .js files inside of .zip Email Attachments

I just want to warn you because 7zip cannot decode corruption zip and will not even list files in it.
It's why i switch back to unzip to decode zip.

2016-05-10 20:04 GMT+02:00 Maurizio Marini <maumar at datalogica.com<mailto:maumar at datalogica.com>>:
On Fri, 6 May 2016 15:24:10 +0000
"Kirchner, Patrick" <KirchnerPA at lakeland.edu<mailto:KirchnerPA at lakeland.edu>> wrote:

> An infected .js file in a .zip file that made its way through the email
> server was luckily blocked by antivirus on my wife's Mac, so I'd really like
> to be able to block such files.  I can provide an sample of one of the .js
> files if it would be helpful.

Hello Patrick
I had the same issue, you have to raise log level, then you can check if zip
file is unzipped; js are blocked, but ziped files should be opened
 I solved by installing p7zip
this is not enough, you should configure amavis to use it whan you receive zip
attachments
I used this

unshift(@decoders,
['zip',  \&Amavis::Unpackers::do_7zip, ['7z','7za'] ],
);

I am not  an expert at all, I am very lame and I can't say this is the
proper solution, what I note was that after this configuration zipped
attachments were correctly opened

-m

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20160513/ae565875/attachment.html>