Encrypted archives and 7z on Debian Jessie (amavis 2.10.1)

Dino support at deeztek.com
Thu Sep 15 21:00:05 CEST 2016 

So what happens when you try to extract a unencrypted 7z archive using 
the internal decoder? Does that work?

On 9/14/2016 8:10 AM, Hoyer-Reuther, Christian wrote:
> Hello,
>
> our mailserver run amavisd-new-2.10.1 on Debian Jessie. Regarding encrypted archives I configured $undecipherable_subject_tag = '+++Virus scan failed+++ ' so the recipient is notified that the archive could not be scanned.
>
> But when 7z or 7za is used as decoder of an encrypted archive then the subject is not modified.
>
> According to the release notes this problem seems to be fixed in amavisd-new-2.11.0 ("updated decoder for 7z archives to improve handling of encrypted content; based on a patch by Markus Benning").
>
> I don't know if 2.11.0 will be available on Jessie (or at least the fix for 7z), but for the moment I use the internal decoder for zip files as a workaround. Then it works and the subject is modified.
>
> I would like to know if there are any drawbacks when I use the internal decoder instead of 7z for zip files.
>
> Regards,
>
> Christian
>
> A few details follow:
>
> Debian Jessie package versions:
> ii  amavisd-new                    1:2.10.1-2~deb8u1           all
> ii  p7zip-full                     9.20.1~dfsg.1-4.1+deb8u2    amd64
>
> Test with 7z:
> amavis[6356]: (06356-01) (!!)collect_results from [6416] (/usr/bin/7z): exit 2 \n7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18\np7zip Version 9.20 (locale=C,Utf16=off,
> HugeFiles=on,8 CPUs)\n\nProcessing archive: /var/lib/amavis/tmp/amavis-20160914T130733-06356-PkD36RYR/parts/p002\n\nExtracting  eicar.txt\nEnter password (will not be echoed) :     CRC Failed in encrypted
> file. Wrong password?\n\nSub items Errors: 1\n\n
>
> Test with 7za:
> amavis[6566]: (06566-01) (!!)collect_results from [6610] (/usr/bin/7za): exit 2 \n7-Zip (A) [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18\np7zip Version 9.20 (locale=C,
> Utf16=off,HugeFiles=on,8 CPUs)\n\nProcessing archive: /var/lib/amavis/tmp/amavis-20160914T131036-06566-OSv3L3u_/parts/p002\n\nExtracting  eicar.txt\nEnter password (will not be echoed) :     CRC Failed in
> encrypted file. Wrong password?\n\nSub items Errors: 1\n\n
>
> Test with internal decoder:
> amavis[6804]: (06804-01) do_unzip: p002, 1 members are encrypted, none extracted, archive retained
>
> decoders and subject tag settings in /etc/amavis/conf.d/50-user:
> $gzip       = 'gzip';
> $bzip2      = 'bzip2';
> $lzop       = 'lzop';
> $rpm2cpio   = ['rpm2cpio.pl','rpm2cpio'];
> $cabextract = ['7z', 'cabextract'];
> $uncompress = ['uncompress', 'gzip -d', 'zcat'];
> $unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
> $arc        = ['nomarch', 'arc'];
> $unarj      = ['arj', 'unarj'];
> $unrar      = ['rar', 'unrar'];
> $zoo        = 'zoo';
> $lha        = 'lha';
> $pax        = 'pax';
> $cpio       = 'cpio';
> $ar         = 'ar';
> $ripole     = 'ripole';
> $dspam      = 'dspam';
> unshift(@decoders,
>    # ['zip', \&Amavis::Unpackers::do_7zip, ['7z','7za'] ],
>    ['zip', \&Amavis::Unpackers::do_unzip],
> );
> $undecipherable_subject_tag = '+++Virus scan failed+++ ';
>
> decoders log at amavis startup:
> amavis[6803]: Internal decoder for .zip
> amavis[6803]: Internal decoder for .mail
> amavis[6803]: No ext program for   .F, tried: unfreeze, freeze -d, melt, fcat
> amavis[6803]: Found decoder for    .Z    at /bin/uncompress
> amavis[6803]: Found decoder for    .gz   at /bin/gzip -d
> amavis[6803]: Internal decoder for .gz   (backup, not used)
> amavis[6803]: Found decoder for    .bz2  at /bin/bzip2 -d
> amavis[6803]: Found decoder for    .xz   at /usr/bin/xz -dc
> amavis[6803]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
> amavis[6803]: Found decoder for    .lrz  at /usr/bin/lrzip -q -k -d -o -
> amavis[6803]: Found decoder for    .lzo  at /usr/bin/lzop -d
> amavis[6803]: Found decoder for    .lz4  at /usr/bin/lz4c -d
> amavis[6803]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
> amavis[6803]: Found decoder for    .cpio at /bin/pax
> amavis[6803]: Found decoder for    .tar  at /bin/pax
> amavis[6803]: Found decoder for    .deb  at /usr/bin/ar
> amavis[6803]: Found decoder for    .rar  at /usr/bin/unrar
> amavis[6803]: Found decoder for    .arj  at /usr/bin/arj
> amavis[6803]: Found decoder for    .arc  at /usr/bin/nomarch
> amavis[6803]: Found decoder for    .zoo  at /usr/bin/zoo
> amavis[6803]: Found decoder for    .doc  at /usr/bin/ripole
> amavis[6803]: Found decoder for    .cab  at /usr/bin/7z
> amavis[6803]: Internal decoder for .tnef
> amavis[6803]: Found decoder for    .zip  at /usr/bin/7za (backup, not used)
> amavis[6803]: Found decoder for    .kmz  at /usr/bin/7za
> amavis[6803]: Internal decoder for .zip  (backup, not used)
> amavis[6803]: Internal decoder for .kmz  (backup, not used)
> amavis[6803]: Found decoder for    .7z   at /usr/bin/7za
> amavis[6803]: Found decoder for    .gz   at /usr/bin/7za (backup, not used)
> amavis[6803]: Found decoder for    .bz2  at /usr/bin/7za (backup, not used)
> amavis[6803]: Found decoder for    .Z    at /usr/bin/7za (backup, not used)
> amavis[6803]: Found decoder for    .tar  at /usr/bin/7za (backup, not used)
> amavis[6803]: Found decoder for    .xz   at /usr/bin/7z (backup, not used)
> amavis[6803]: Found decoder for    .lzma at /usr/bin/7z (backup, not used)
> amavis[6803]: Found decoder for    .jar  at /usr/bin/7z
> amavis[6803]: Found decoder for    .cpio at /usr/bin/7z (backup, not used)
> amavis[6803]: Found decoder for    .arj  at /usr/bin/7z (backup, not used)
> amavis[6803]: Found decoder for    .rar  at /usr/bin/7z (backup, not used)
> amavis[6803]: Found decoder for    .swf  at /usr/bin/7z
> amavis[6803]: Found decoder for    .lha  at /usr/bin/7z
> amavis[6803]: Found decoder for    .iso  at /usr/bin/7z
> amavis[6803]: Found decoder for    .cab  at /usr/bin/7z (backup, not used)
> amavis[6803]: Found decoder for    .deb  at /usr/bin/7z (backup, not used)
> amavis[6803]: Found decoder for    .rpm  at /usr/bin/7z (backup, not used)
> amavis[6803]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
> amavis[6803]: No decoder for       .F


-- 
Hermes Secure Email Gateway
*Hermes Secure Email Gateway*
Hermes Secure Email Gateway combines Open Source technologies such as 
Postfix, Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail 
under one unified web based Web GUI for easy administration and 
management of your incoming and ougoing email for your organization. 
Anti-spam, anti-virus and anti-malware protection, encrypted S/MIME, 
encrypted PDF and SMTP TLS support, built-in email archiving, end-user 
self-service web gui.

Download the free open-source appliance at:
http://www.deeztek.com/hermes-secure-email-gateway/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20160915/a9626324/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hermes_logo3.jpg
Type: image/jpeg
Size: 3798 bytes
Desc: not available
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20160915/a9626324/attachment.jpg>

More information about the amavis-users mailing list