Quarantine password protected Archives

luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Quarantine password protected Archives

Post by luxusv » 23 Apr 2018 07:11

Is it possible to quarantine password protected archives or to automatically forward them to a specific email address?

We are trying to build a solution in which the user can enter the password of the archive and it will be re-zipped as a non-protected archive and resent to the recipient. For this we need to be able to access the zip-file and read the recipients.

Thanks in advance.

Luc

pdwalker
Posts: 1116
Joined: 18 Mar 2015 09:16

Re: Quarantine password protected Archives

Post by pdwalker » 23 Apr 2018 09:59

/etc/Mailscanner.conf
Allow Password-Protected Archives = no

This will quarantine password protected files

luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Re: Quarantine password protected Archives

Post by luxusv » 23 Apr 2018 12:14

pdwalker wrote (23 Apr 2018 09:59):
> /etc/Mailscanner.conf
> Allow Password-Protected Archives = no
>
> This will quarantine password protected files

That setting is currently already set to 'no'

My current settings regarding virus/archives:

Virus Scanning = yes
Virus Scanners = sophos clamd
Virus Scanner Timeout = 300
Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Zip-Password
Spam-Virus Header = X-%org-name%-MailScanner-EFA-SpamVirus-Report:
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = no
Check Filenames In Password-Protected Archives = yes
Allowed Sophos Error Messages = "Password protected file"

pdwalker
Posts: 1116
Joined: 18 Mar 2015 09:16

Re: Quarantine password protected Archives

Post by pdwalker » 24 Apr 2018 02:15

What are your "Quarantine *" settings in MailScanner.conf?

luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Re: Quarantine password protected Archives

Post by luxusv » 24 Apr 2018 07:35

pdwalker wrote (24 Apr 2018 02:15):
> What are your "Quarantine *" settings in MailScanner.conf?

Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine User = postfix
Quarantine Group = mtagroup
Quarantine Permissions = 0660
Quarantine Infections = no
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no

pdwalker
Posts: 1116
Joined: 18 Mar 2015 09:16

Re: Quarantine password protected Archives

Post by pdwalker » 25 Apr 2018 10:15

So, according to what I see, I believe password protected archive files should be automatically quarantined.

Is your system not quarantining password protected archive files?

luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Re: Quarantine password protected Archives

Post by luxusv » 26 Apr 2018 07:46

pdwalker wrote (25 Apr 2018 10:15):
> So, according to what I see, I believe password protected archive files should be automatically quarantined.
>
> Is your system not quarantining password protected archive files?

That's correct. I tried sending myself a message with a password protected zip-file. I know the message ID but even when trying to use the locate command with this ID I'm unable to find the message. I think this is because of the following setting: 'Quarantine Silent Viruses = no'

luxusv
Posts: 5
Joined: 23 Apr 2018 06:51

Re: Quarantine password protected Archives

Post by luxusv » 15 May 2018 06:42

Any idea how we can fix this?
We currently have a big problem with companies trying to send us legitimate password protected files but we don't want to remove the rule.
If these messages are quarantined we can work toward a fix for this.

pdwalker
Posts: 1116
Joined: 18 Mar 2015 09:16

Re: Quarantine password protected Archives

Post by pdwalker » 16 May 2018 07:47

Try setting "Quarantine Silent Viruses = yes" and "Quarantine Infections = yes", restart MailScanner, and then send yourself a password protected zip file and see what happens.

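For the workflow described in the first post (reading the recipients and finding the protected ZIP in a quarantined message), here is an added example that is not code from either poster or from MailScanner. It assumes the quarantined message is available as a raw RFC 822 file and reads only the To/Cc headers, so envelope-only recipients such as Bcc will not appear; the function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses


def encrypted_members(zip_bytes):
    """Return names of archive members whose encryption flag (bit 0) is set."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]


def inspect_message(raw):
    """Return (header recipients, {attachment name: encrypted member names})."""
    msg = message_from_bytes(raw, policy=policy.default)
    rcpts = [addr for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    protected = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue  # not a ZIP attachment
        names = encrypted_members(data)
        if names:
            protected[part.get_filename()] = names
    return rcpts, protected


def constructed_sample():
    """Constructed test message: one ZIP whose member is flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample data")
    data = bytearray(buf.getvalue())
    cd = data.find(b"PK\x01\x02")   # central directory file header
    data[cd + 8] |= 0x01            # general purpose flag, bit 0 = encrypted
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "alice@example.org, bob@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="report.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(constructed_sample()))
```

The check reads only the ZIP central directory, so it identifies protected members without needing the password; extraction and re-zipping would be a separate step once the user supplies it.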