[2.11.0 PATCH] do_7zip: Treat .zip archives with broken headers as UNDECIPHERABLE

Thomas Jarosch thomas.jarosch at intra2net.com
Mon May 23 15:51:05 CEST 2016


Some ransomware break the archive headers on purpose to bypass amavisd.

Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com>
---
 amavisd | 1 +
 1 file changed, 1 insertion(+)

diff --git a/amavisd b/amavisd
index 7f93194..41b9ce3 100755
--- a/amavisd
+++ b/amavisd
@@ -32218,6 +32218,7 @@ sub do_7zip($$$;$) {
     if (proc_status_ok($rv,$err,1) && $mem_cnt > 0 && $bytes > 0) { # just warn
       do_log(4,"do_7zip: warning, %s", exit_status_str($rv,$err));
     } elsif (!proc_status_ok($rv,$err)) {
+      $part->attributes_add('U');
       die sprintf("can't get a list of archive members: %s; %s",
                   exit_status_str($rv,$err), $last_line);
     }
-- 
2.4.11



More information about the amavis-users mailing list