malware went through because RAR file fails to unpack
Engels, Jan
jan.engels at desy.de
Mon Mar 23 18:01:52 CET 2020
Hi everyone,
Today I experienced the same problem as described here:
https://lists.amavis.org/pipermail/amavis-users/2016-May/004334.html
i.e. malware went through amavis because the RAR archive containing the malware could not be unpacked:
Extract from logfile:
amavis[4629]: (04629-01) (!)Decoding of p002 (RAR archive data, v2d, flags: Commented, Solid, os: OS/2) failed, leaving it unpacked: do_unrar: /var/spool/amavisd/tmp/amavis-20200323T174309-04629-o4cSZwti/parts/p002 is not RAR archive at (eval 133) line 1056.
If it helps, the malware which hit this problem is already referenced at virustotal.com:
https://www.virustotal.com/gui/file/2c8d19479b892ef10c1f7a87a97b41b27d8436388be337ebdbf36e76da91732f/detection
Is it somehow possible to let amavis rather treat this as a "quarantine" case, i.e. to not let the email go through if unrar fails?
Any help is greatly appreciated.
Best regards
Jan
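
A log check for the failure described in this post, as an added example that is not part of the original message or of amavis itself: it correlates the "Decoding of ... failed, leaving it unpacked" line with the verdict logged for the same amavis session id and reports messages that were passed with an archive part left unscanned. The `Passed`/`Blocked` verdict line format and every sample line other than the one quoted in the post are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Failure line as quoted in the post: session id, part name, detected file type.
DECODE_FAIL = re.compile(
    r"\((\d+(?:-\d+)+)\) \(!+\)Decoding of (p\d+) \((.*?)\) failed, leaving it unpacked")
# Assumed shape of the final verdict line logged for the same session id.
VERDICT = re.compile(r"\((\d+(?:-\d+)+)\) (Passed|Blocked) (\S+)")

def unscanned_deliveries(lines):
    """Return {session_id: [(part, filetype), ...]} for messages that were
    passed although at least one archive part could not be unpacked."""
    failed = defaultdict(list)
    passed = set()
    for line in lines:
        m = DECODE_FAIL.search(line)
        if m:
            failed[m.group(1)].append((m.group(2), m.group(3)))
            continue
        m = VERDICT.search(line)
        if m and m.group(2) == "Passed":
            passed.add(m.group(1))
    # Only sessions that both failed to decode a part and were delivered.
    return {sid: parts for sid, parts in failed.items() if sid in passed}

SAMPLE_LOG = [
    # Log line from the post.
    "amavis[4629]: (04629-01) (!)Decoding of p002 (RAR archive data, v2d, "
    "flags: Commented, Solid, os: OS/2) failed, leaving it unpacked: do_unrar: "
    "/var/spool/amavisd/tmp/amavis-20200323T174309-04629-o4cSZwti/parts/p002 "
    "is not RAR archive at (eval 133) line 1056.",
    # Constructed lines below (assumed verdict format, example addresses).
    "amavis[4629]: (04629-01) Passed CLEAN {RelayedInbound}, "
    "<a@example.com> -> <b@example.org>",
    "amavis[4630]: (04630-01) (!)Decoding of p003 (RAR archive data, v1d) "
    "failed, leaving it unpacked: do_unrar: constructed sample",
    "amavis[4630]: (04630-01) Blocked INFECTED {DiscardedInbound,Quarantined}, "
    "<c@example.com> -> <b@example.org>",
    "amavis[4631]: (04631-01) Passed CLEAN {RelayedInbound}, "
    "<d@example.com> -> <b@example.org>",
]

if __name__ == "__main__":
    for sid, parts in unscanned_deliveries(SAMPLE_LOG).items():
        for part, ftype in parts:
            print(f"{sid}: delivered with undecoded part {part} ({ftype})")
```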