rar support is broken
Dmitry Melekhov
dm at belkam.com
Thu Nov 23 11:14:15 CET 2017
23.11.2017 13:48, Philipp Gesang пишет:
Hello!
Now I can use rar or unrar again and it amavisd adds UNCHECKED to
message subject :-)
This is great!
But, for me it still not perfect, as you can see archive contains
executable, namely file with .scr extention,
which should be blocked by amavis according to our configuration, but
message passes UNCHECKED.
File can't be extracted at any locale, but it's latin part, namely
extensions can be read anyway and blocked.
Is it possible to do something about this?
Thank you!
> Hi,
>
> -<| Quoting Philipp Gesang <philipp.gesang at intra2net.com>, on Wednesday, 2017-11-22 01:29:33 PM |>-
>> -<| Quoting Dmitry Melekhov <dm at belkam.com>, on Wednesday, 2017-11-22 04:09:47 PM |>-
>>> 22.11.2017 14:49, Dmitry Melekhov пишет:
>>>> I run ubuntu 16.04 server with amavisd-new 2.10.1, but looks like 2.11.0
>>>> has the same code.*
>>>> *
>>>>
>>>> Today I found that amavisd-new can't check attachments using rar or
>>>> unrar-nonfree.
>>>>
>>>> If file has only latin characters then message arrives UNCHECKED,
>>>> if it has cyrillic in utf-8 then rar or unrar exits with exit code and
>>>> message passes without any warnings.
>> This sounds interesting. Would it be possible to send me a file
>> like this off-list for testing?
> thanks to Dmitry’s sample we were able to cover another corner
> case in the unrar handler.
>
> Besides malware, the archive contains filenames encoded in UTF-8
> that unrar extracts fine in a UTF8-locale but not in the C
> locale. Amavisd ignores the failure during extraction because the
> listing succeeded earlier which it does under any locale.
>
> See attached patch.
>
> Best,
> Philipp
>
>
>
> /tmp/malware # LC_ALL=en_US.UTF-8 unrar x falspositive.rar
>
> UNRAR 5.50 freeware Copyright (c) 1993-2017 Alexander Roshal
>
>
> Extracting from falspositive.rar
>
> Extracting Для сверки для сверки.scr OK
> All OK
> /tmp/malware # LC_ALL=C unrar x falspositive.rar
>
> UNRAR 5.50 freeware Copyright (c) 1993-2017 Alexander Roshal
>
>
> Extracting from falspositive.rar
>
> Cannot create ??? ?????? ??? ??????.scr
> No such file or directory
> No files to extract
> /tmp/malware # echo $?
> 10
> /tmp/malware # LC_ALL=en_US.UTF-8 unrar l falspositive.rar
>
> UNRAR 5.50 freeware Copyright (c) 1993-2017 Alexander Roshal
>
> Archive: falspositive.rar
> Details: RAR 5
>
> Attributes Size Date Time Name
> ----------- --------- ---------- ----- ----
> ..A.... 211968 2017-11-22 07:38 Для сверки для сверки.scr
> ----------- --------- ---------- ----- ----
> 211968 1
>
> /tmp/malware # LC_ALL=C unrar l falspositive.rar
>
> UNRAR 5.50 freeware Copyright (c) 1993-2017 Alexander Roshal
>
> Archive: falspositive.rar
> Details: RAR 5
>
> Attributes Size Date Time Name
> ----------- --------- ---------- ----- ----
> ..A.... 211968 2017-11-22 07:38 ??? ?????? ??? ??????.scr
> ----------- --------- ---------- ----- ----
> 211968 1
>
More information about the amavis-users
mailing list