Checking PDF file as Password-protected archive

Bugs in eFa 4
victorburgos
Posts: 19
Joined: 13 May 2017 20:53

Post by victorburgos »

Hi,
Today one customer didn't receive a message and when checking if it was blocked, I found that it was blocked because it contained 6 password protected zip files.
[Screenshot: 2021-01-28_17-27-54.png]
These are the files attached:
[Screenshot: 2021-01-28_17-29-32.png]
I downloaded the pdf files and found one that was corrupt (I could not open it) and it was really a password protected zip file renamed as pdf.
This was correctly detected by MailScanner as a password protected zip file, but the other files were just regular pdf files.

Checking my server logs, I found that all files were incorrectly detected as password protected files:

Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.2.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.6.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.4.20210127081330_480422006_DVC_20190000801_ABCJ018460721_4_data2.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.3.20210127081330_480422006_DVC_20190000801_ABCJ018460721_3_data1.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.5.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (msg-6052-38.html) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:57 filter MailScanner[6052]: Saved entire message to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.3.20210127081330_480422006_DVC_20190000801_ABCJ018460721_3_data1.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.6.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.5.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "msg-6052-38.html" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.4.20210127081330_480422006_DVC_20190000801_ABCJ018460721_4_data2.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.2.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
To check if there was a problem with those pdf files, I sent new messages, one per message, and only one was detected as a password protected file.
[Screenshot: individual files (pdf files independent.png)]
For some reason MailScanner is detecting pdf files as password protected files.
Note: The pdf files are not password protected.

Is this a bug, or is there some setting to fix this problem?
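
A content-based triage check for quarantined attachments like the ones in the post above, added here as an example (it is not MailScanner or eFa code and does not reproduce how MailScanner decides): it ignores the file name, reads the leading magic bytes, and for ZIP data reports whether any entry has the encryption flag set. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

def classify(data: bytes) -> str:
    """Classify attachment bytes by content, ignoring the file name."""
    if data.startswith(b"PK\x03\x04"):           # ZIP local file header
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flags marks an encrypted entry.
                enc = any(i.flag_bits & 0x1 for i in zf.infolist())
        except zipfile.BadZipFile:
            return "corrupt-zip"
        return "encrypted-zip" if enc else "zip"
    if b"%PDF-" in data[:1024]:                  # PDF header near the start
        return "pdf"
    return "unknown"

def make_sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: one-entry ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("invoice.txt"), b"constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at offset 6 of the local header and offset 8 of the
        # central directory header; set bit 0 in both.
        cd = data.index(b"PK\x01\x02")
        for off in (6, cd + 8):
            (flags,) = struct.unpack_from("<H", data, off)
            struct.pack_into("<H", data, off, flags | 0x1)
    return bytes(data)

if __name__ == "__main__":
    # Constructed attachments, all named *.PDF as in the report above.
    samples = {
        "real.PDF": b"%PDF-1.4\n% constructed sample\n",
        "renamed-zip.PDF": make_sample_zip(encrypted=True),
        "plain-zip.PDF": make_sample_zip(encrypted=False),
    }
    for name, blob in samples.items():
        print(f"{name}: {classify(blob)}")
```

Run against files copied out of the quarantine directory, this separates a renamed encrypted ZIP from a genuine PDF before deciding whether a block was a false positive.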
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Re: Checking PDF file as Password-protected archive

Post by shawniverson »

PDFs, eh? Do you have any that are not sensitive to share with me that got flagged? If not, that is okay, I'll try to reproduce independently.