malware went through because RAR file fails to unpack

Engels, Jan jan.engels at
Mon Mar 23 18:01:52 CET 2020

Hi everyone,

I've experienced today the same problem as described here:

i.e. malware went through amavis because the RAR archive containing the malware could not be unpacked:

extract from logfile:
amavis[4629]: (04629-01) (!)Decoding of p002 (RAR archive data, v2d, flags: Commented, Solid, os: OS/2) failed, leaving it unpacked: do_unrar: /var/spool/amavisd/tmp/amavis-20200323T174309-04629-o4cSZwti/parts/p002 is not RAR archive at (eval 133) line 1056.

if it helps, the malware which hit this problem is already referenced at

Is it somehow possible to let amavis rather treat this as "quarantine" case, i.e.
to not let the email go through if unrar fails?

Any help is greatly appreciated.

Best regards

More information about the amavis-users mailing list