rar support is broken

Dmitry Melekhov dm at belkam.com
Thu Nov 23 11:14:15 CET 2017


23.11.2017 13:48, Philipp Gesang пишет:

Hello!


Now I can use rar or unrar again and it amavisd adds UNCHECKED to 
message subject :-)
This is great!

But, for me  it still not perfect, as you can see archive contains 
executable, namely file with .scr extention,
which should be blocked by amavis according to our configuration, but 
message passes UNCHECKED.
File can't be extracted at any locale, but it's latin part, namely 
extensions can be read anyway and blocked.

Is it possible to do something about this?

Thank you!


> Hi,
>
> -<| Quoting Philipp Gesang <philipp.gesang at intra2net.com>, on Wednesday, 2017-11-22 01:29:33 PM |>-
>> -<| Quoting Dmitry Melekhov <dm at belkam.com>, on Wednesday, 2017-11-22 04:09:47 PM |>-
>>> 22.11.2017 14:49, Dmitry Melekhov пишет:
>>>> I run ubuntu 16.04 server with amavisd-new 2.10.1, but looks like 2.11.0
>>>> has the same code.*
>>>> *
>>>>
>>>> Today I found that amavisd-new can't check attachments using rar or
>>>> unrar-nonfree.
>>>>
>>>> If file has only latin characters then message arrives UNCHECKED,
>>>> if it has cyrillic in utf-8 then rar or unrar exits with exit code and
>>>> message passes without any warnings.
>> This sounds interesting. Would it be possible to send me a file
>> like this off-list for testing?
> thanks to Dmitry’s sample we were able to cover another corner
> case in the unrar handler.
>
> Besides malware, the archive contains filenames encoded in UTF-8
> that unrar extracts fine in a UTF8-locale but not in the C
> locale. Amavisd ignores the failure during extraction because the
> listing succeeded earlier which it does under any locale.
>
> See attached patch.
>
> Best,
> Philipp
>
>
>
> /tmp/malware # LC_ALL=en_US.UTF-8 unrar x falspositive.rar
>
> UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal
>
>
> Extracting from falspositive.rar
>
> Extracting  Для сверки для сверки.scr                                 OK
> All OK
> /tmp/malware # LC_ALL=C unrar x falspositive.rar
>
> UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal
>
>
> Extracting from falspositive.rar
>
> Cannot create ??? ?????? ??? ??????.scr
> No such file or directory
> No files to extract
> /tmp/malware # echo $?
> 10
> /tmp/malware # LC_ALL=en_US.UTF-8 unrar l falspositive.rar
>
> UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal
>
> Archive: falspositive.rar
> Details: RAR 5
>
>   Attributes      Size     Date    Time   Name
> ----------- ---------  ---------- -----  ----
>      ..A....    211968  2017-11-22 07:38  Для сверки для сверки.scr
> ----------- ---------  ---------- -----  ----
>                 211968                    1
>
> /tmp/malware # LC_ALL=C unrar l falspositive.rar
>
> UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal
>
> Archive: falspositive.rar
> Details: RAR 5
>
>   Attributes      Size     Date    Time   Name
> ----------- ---------  ---------- -----  ----
>      ..A....    211968  2017-11-22 07:38  ??? ?????? ??? ??????.scr
> ----------- ---------  ---------- -----  ----
>                 211968                    1
>



More information about the amavis-users mailing list