Quarantine password protected Archives

luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Quarantine password protected Archives

Post by luxusv »

Is it possible to quarantine password protected archives or to automatically forward them to a specific email address?

We are trying to build a solution in which the user can enter the password of the archive and it will be re-zipped as a non-protected archive and resent to the recipient. For this we need to be able to access the zip-file and read the recipients.

Thanks in advance.

Luc
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Quarantine password protected Archives

Post by pdwalker »

/etc/Mailscanner.conf
Allow Password-Protected Archives = no

This will quarantine password protected files
luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Re: Quarantine password protected Archives

Post by luxusv »

pdwalker wrote: 23 Apr 2018 09:59
> /etc/Mailscanner.conf
> Allow Password-Protected Archives = no
>
> This will quarantine password protected files

That setting is currently already set to 'no'

My current settings regarding virus/archives:

Virus Scanning = yes
Virus Scanners = sophos clamd
Virus Scanner Timeout = 300
Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Zip-Password
Spam-Virus Header = X-%org-name%-MailScanner-EFA-SpamVirus-Report:
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = no
Check Filenames In Password-Protected Archives = yes
Allowed Sophos Error Messages = "Password protected file"
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Quarantine password protected Archives

Post by pdwalker »

What are your "Quarantine *" settings in MailScanner.conf?
luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Re: Quarantine password protected Archives

Post by luxusv »

pdwalker wrote: 24 Apr 2018 02:15
> What are your "Quarantine *" settings in MailScanner.conf?

Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine User = postfix
Quarantine Group = mtagroup
Quarantine Permissions = 0660
Quarantine Infections = no
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Quarantine password protected Archives

Post by pdwalker »

So, according to what I see, I believe password protected archive files should be automatically quarantined.

Is your system not quarantining password protected archive files?
luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Re: Quarantine password protected Archives

Post by luxusv »

pdwalker wrote: 25 Apr 2018 10:15
> So, according to what I see, I believe password protected archive files should be automatically quarantined.
>
> Is your system not quarantining password protected archive files?

That's correct. I tried sending myself a message with a password protected zip-file. I know the message ID but even when trying to use the locate command with this ID I'm unable to find the message. I think this is because of the following setting: 'Quarantine Silent Viruses = no'
luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Re: Quarantine password protected Archives

Post by luxusv »

Any idea how we can fix this?
We currently have a big problem with companies trying to send us legitimate password protected files but we don't want to remove the rule.
If these messages are quarantined we can work toward a fix for this.
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Quarantine password protected Archives

Post by pdwalker »

Try setting "Quarantine Silent Viruses = yes" and "Quarantine Infections = yes", restart MailScanner, and then send yourself a password protected zip file and see what happens.
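
For the step described in the first post (accessing the zip file and reading the recipients once the message is in quarantine), here is an added example that is not from the thread and is not MailScanner or EFA code. It assumes the quarantined copy is readable as a plain RFC 822 message, handles ZIP archives only, and reads the To/Cc headers, which can differ from the envelope recipients; the function names and sample addresses are constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

def encrypted_zip_report(raw: bytes) -> dict:
    """Return header recipients and names of ZIP attachments with encrypted members."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr for _, addr in getaddresses(hdrs)]
    locked = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flags marks a member as encrypted.
                if any(zi.flag_bits & 0x1 for zi in zf.infolist()):
                    locked.append(part.get_filename() or "(unnamed)")
        except zipfile.BadZipFile:
            continue  # body text or a non-ZIP attachment
    return {"recipients": recipients, "encrypted_archives": locked}

def constructed_sample(encrypted: bool = True) -> bytes:
    """Constructed test message carrying one small ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample data")
    z = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so set the flag bit by hand.
        z[z.find(b"PK\x01\x02") + 8] |= 0x1  # central directory header
        z[z.find(b"PK\x03\x04") + 6] |= 0x1  # local file header
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.org"
    m["Cc"] = "ops@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(bytes(z), maintype="application", subtype="zip",
                     filename="docs.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(encrypted_zip_report(constructed_sample()))
```

The check reads only the archive's directory, so it needs no password and never extracts member data.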