Today one customer didn't receive a message and when checking if it was blocked, I found that it was blocked because it contained 6 password protected zip files. These are the files attached: I downloaded the pdf files and found one that was corrupt (I could not open it) and it was really a password protected zip file renamed as pdf.
This was correctly detected by MailScanner as a password protected zip file, but the other files were just regular pdf files.
Checking my server logs, I found that all files were incorrectly detected as password protected files:
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.2.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.6.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.4.20210127081330_480422006_DVC_20190000801_ABCJ018460721_4_data2.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.3.20210127081330_480422006_DVC_20190000801_ABCJ018460721_3_data1.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.5.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (msg-6052-38.html) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:57 filter MailScanner[6052]: Saved entire message to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.3.20210127081330_480422006_DVC_20190000801_ABCJ018460721_3_data1.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.6.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.5.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "msg-6052-38.html" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.4.20210127081330_480422006_DVC_20190000801_ABCJ018460721_4_data2.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.2.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Note: The pdf files are not password protected.
Is this a bug, or is there some setting to fix this problem?
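
A triage sketch for the situation described above, added here as an example; it is not part of the original post and is not MailScanner's own detection logic. It pulls the flagged names out of log lines like the ones quoted, then classifies each file by its leading bytes rather than its extension. The function names and file contents are assumptions constructed for illustration, and a PDF that uses PDF-level encryption would still classify as "pdf".

```python
import io
import re
import struct
import zipfile

# Matches the "Password-protected archive" log lines quoted in the post.
FLAG_RE = re.compile(r"Password-protected archive \((.+)\) in (\S+)$")

def flagged_files(log_lines):
    """Map queue id -> attachment names logged as password-protected."""
    flagged = {}
    for line in log_lines:
        m = FLAG_RE.search(line.strip())
        if m:
            flagged.setdefault(m.group(2), []).append(m.group(1))
    return flagged

def classify(data):
    """Classify by content, ignoring the file extension."""
    if data.startswith(b"PK\x03\x04") and len(data) >= 8:
        # ZIP local file header: general-purpose flags at offset 6,
        # bit 0 set means the entry is encrypted.
        (flags,) = struct.unpack_from("<H", data, 6)
        return "encrypted-zip" if flags & 0x0001 else "zip"
    return "pdf" if data.startswith(b"%PDF-") else "other"

def false_positives(log_lines, contents):
    """Flagged names whose bytes are available and are not an encrypted ZIP."""
    names = [n for ns in flagged_files(log_lines).values() for n in ns]
    return [n for n in names
            if n in contents and classify(contents[n]) != "encrypted-zip"]

def constructed_zip(encrypted):
    """Constructed sample: tiny in-memory ZIP, flag bit optionally set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", "constructed sample")
    raw = bytearray(buf.getvalue())
    raw[6] |= int(encrypted)  # header flag only; payload is not encrypted
    return bytes(raw)

# Two log lines copied from the post; the file contents are constructed.
SAMPLE_LOG = [
    "Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.2.2021012708.PDF) in 4DRDjZ1gD1z42c9r",
    "Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.6.2021012708.PDF) in 4DRDjZ1gD1z42c9r",
]
SAMPLE_FILES = {
    "5.2.2021012708.PDF": b"%PDF-1.4\n% constructed\n",
    "5.6.2021012708.PDF": constructed_zip(encrypted=True),
}
```

Calling `false_positives(SAMPLE_LOG, SAMPLE_FILES)` returns only the name whose bytes are a real PDF; against a live system the `contents` mapping would be filled from the files saved under the quarantine path shown in the log.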