Encrypted archives and 7z on Debian Jessie (amavis 2.10.1)

Hoyer-Reuther, Christian Christian.Hoyer-Reuther at cac-chem.de
Wed Sep 14 14:10:52 CEST 2016 

Hello,

our mailserver run amavisd-new-2.10.1 on Debian Jessie. Regarding encrypted archives I configured $undecipherable_subject_tag = '+++Virus scan failed+++ ' so the recipient is notified that the archive could not be scanned.

But when 7z or 7za is used as decoder of an encrypted archive then the subject is not modified.

According to the release notes this problem seems to be fixed in amavisd-new-2.11.0 ("updated decoder for 7z archives to improve handling of encrypted content; based on a patch by Markus Benning").

I don't know if 2.11.0 will be available on Jessie (or at least the fix for 7z), but for the moment I use the internal decoder for zip files as a workaround. Then it works and the subject is modified.

I would like to know if there are any drawbacks when I use the internal decoder instead of 7z for zip files.

Regards,

Christian

A few details follow:

Debian Jessie package versions:
ii  amavisd-new                    1:2.10.1-2~deb8u1           all
ii  p7zip-full                     9.20.1~dfsg.1-4.1+deb8u2    amd64

Test with 7z:
amavis[6356]: (06356-01) (!!)collect_results from [6416] (/usr/bin/7z): exit 2 \n7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18\np7zip Version 9.20 (locale=C,Utf16=off,
HugeFiles=on,8 CPUs)\n\nProcessing archive: /var/lib/amavis/tmp/amavis-20160914T130733-06356-PkD36RYR/parts/p002\n\nExtracting  eicar.txt\nEnter password (will not be echoed) :     CRC Failed in encrypted
file. Wrong password?\n\nSub items Errors: 1\n\n

Test with 7za:
amavis[6566]: (06566-01) (!!)collect_results from [6610] (/usr/bin/7za): exit 2 \n7-Zip (A) [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18\np7zip Version 9.20 (locale=C,
Utf16=off,HugeFiles=on,8 CPUs)\n\nProcessing archive: /var/lib/amavis/tmp/amavis-20160914T131036-06566-OSv3L3u_/parts/p002\n\nExtracting  eicar.txt\nEnter password (will not be echoed) :     CRC Failed in
encrypted file. Wrong password?\n\nSub items Errors: 1\n\n

Test with internal decoder:
amavis[6804]: (06804-01) do_unzip: p002, 1 members are encrypted, none extracted, archive retained

decoders and subject tag settings in /etc/amavis/conf.d/50-user:
$gzip       = 'gzip';
$bzip2      = 'bzip2';
$lzop       = 'lzop';
$rpm2cpio   = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = ['7z', 'cabextract'];
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc        = ['nomarch', 'arc'];
$unarj      = ['arj', 'unarj'];
$unrar      = ['rar', 'unrar'];
$zoo        = 'zoo';
$lha        = 'lha';
$pax        = 'pax';
$cpio       = 'cpio';
$ar         = 'ar';
$ripole     = 'ripole';
$dspam      = 'dspam';
unshift(@decoders,
  # ['zip', \&Amavis::Unpackers::do_7zip, ['7z','7za'] ],
  ['zip', \&Amavis::Unpackers::do_unzip],
);
$undecipherable_subject_tag = '+++Virus scan failed+++ ';

decoders log at amavis startup:
amavis[6803]: Internal decoder for .zip
amavis[6803]: Internal decoder for .mail
amavis[6803]: No ext program for   .F, tried: unfreeze, freeze -d, melt, fcat
amavis[6803]: Found decoder for    .Z    at /bin/uncompress
amavis[6803]: Found decoder for    .gz   at /bin/gzip -d
amavis[6803]: Internal decoder for .gz   (backup, not used)
amavis[6803]: Found decoder for    .bz2  at /bin/bzip2 -d
amavis[6803]: Found decoder for    .xz   at /usr/bin/xz -dc
amavis[6803]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
amavis[6803]: Found decoder for    .lrz  at /usr/bin/lrzip -q -k -d -o -
amavis[6803]: Found decoder for    .lzo  at /usr/bin/lzop -d
amavis[6803]: Found decoder for    .lz4  at /usr/bin/lz4c -d
amavis[6803]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
amavis[6803]: Found decoder for    .cpio at /bin/pax
amavis[6803]: Found decoder for    .tar  at /bin/pax
amavis[6803]: Found decoder for    .deb  at /usr/bin/ar
amavis[6803]: Found decoder for    .rar  at /usr/bin/unrar
amavis[6803]: Found decoder for    .arj  at /usr/bin/arj
amavis[6803]: Found decoder for    .arc  at /usr/bin/nomarch
amavis[6803]: Found decoder for    .zoo  at /usr/bin/zoo
amavis[6803]: Found decoder for    .doc  at /usr/bin/ripole
amavis[6803]: Found decoder for    .cab  at /usr/bin/7z
amavis[6803]: Internal decoder for .tnef
amavis[6803]: Found decoder for    .zip  at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .kmz  at /usr/bin/7za
amavis[6803]: Internal decoder for .zip  (backup, not used)
amavis[6803]: Internal decoder for .kmz  (backup, not used)
amavis[6803]: Found decoder for    .7z   at /usr/bin/7za
amavis[6803]: Found decoder for    .gz   at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .bz2  at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .Z    at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .tar  at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .xz   at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .lzma at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .jar  at /usr/bin/7z
amavis[6803]: Found decoder for    .cpio at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .arj  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .rar  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .swf  at /usr/bin/7z
amavis[6803]: Found decoder for    .lha  at /usr/bin/7z
amavis[6803]: Found decoder for    .iso  at /usr/bin/7z
amavis[6803]: Found decoder for    .cab  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .deb  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .rpm  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
amavis[6803]: No decoder for       .F

More information about the amavis-users mailing list