Checking PDF file as Password-protected archive

Posted: 28 Jan 2021 22:36
by victorburgos
Hi,
Today one customer didn't receive a message and when checking if it was blocked, I found that it was blocked because it contained 6 password protected zip files.
[Attached image: 2021-01-28_17-27-54.png]
These are the files attached:
[Attached image: 2021-01-28_17-29-32.png]
I downloaded the pdf files and found one that was corrupt (I could not open it) and it was really a password protected zip file renamed as pdf.
This was correctly detected by MailScanner as a password protected zip file, but the other files were just regular pdf files.

Checking my server logs, I found that all files were incorrectly detected as password protected files:

Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.2.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.6.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.4.20210127081330_480422006_DVC_20190000801_ABCJ018460721_4_data2.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.3.20210127081330_480422006_DVC_20190000801_ABCJ018460721_3_data1.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (5.5.2021012708.PDF) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:56 filter MailScanner[6052]: Password-protected archive (msg-6052-38.html) in 4DRDjZ1gD1z42c9r
Jan 28 09:51:57 filter MailScanner[6052]: Saved entire message to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.3.20210127081330_480422006_DVC_20190000801_ABCJ018460721_3_data1.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.6.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.5.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "msg-6052-38.html" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.4.20210127081330_480422006_DVC_20190000801_ABCJ018460721_4_data2.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r
Jan 28 09:51:58 filter MailScanner[6052]: Saved infected "5.2.2021012708.PDF" to /var/spool/MailScanner/quarantine/20210128/4DRDjZ1gD1z42c9r

To check if there was a problem with those pdf files, I sent new messages, one file per message, and only one was detected as a password protected file.
[Attached image: pdf files independent.png, "individual files"]
For some reason MailScanner is detecting pdf files as password protected files.
Note: The pdf files are not password protected.

Is this a bug, or is there some setting to fix this problem?
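
An added example, not part of the original post and not MailScanner's code: one way to check a quarantined attachment by content rather than by extension, telling a real PDF apart from a ZIP renamed to .pdf and reading the ZIP encryption flag. Function names and sample bytes are constructed for illustration, and the `/Encrypt` search is a heuristic.

```python
import io
import zipfile

def classify(data):
    """Classify an attachment by its content, ignoring the file extension."""
    if data.startswith(b"PK\x03\x04"):  # ZIP local file header signature
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flags marks an encrypted member.
                encrypted = any(zi.flag_bits & 0x1 for zi in zf.infolist())
        except zipfile.BadZipFile:
            return "zip-corrupt"
        return "zip-encrypted" if encrypted else "zip"
    if b"%PDF-" in data[:1024]:  # readers tolerate junk before the header
        # Heuristic: an encrypted PDF has an /Encrypt entry in its trailer.
        return "pdf-encrypted" if b"/Encrypt" in data else "pdf"
    return "unknown"

def mismatched(files):
    """Return {name: kind} for files named .pdf whose content is not a PDF."""
    kinds = {name: classify(data) for name, data in files.items()}
    return {n: k for n, k in kinds.items()
            if n.lower().endswith(".pdf") and not k.startswith("pdf")}

def make_zip(encrypted):
    """Constructed sample: a one-member ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("a.txt", (2021, 1, 28, 0, 0, 0)), "x")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x01                            # flags in the local file header
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01  # flags in the central directory
    return bytes(raw)

# Constructed sample inputs, not the files from the thread.
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<</Root 1 0 R>>\n%%EOF\n"
SAMPLES = {
    "sample-a.PDF": SAMPLE_PDF,
    "sample-b.PDF": make_zip(encrypted=True),
    "sample-c.zip": make_zip(encrypted=False),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {classify(data)}")
    print("renamed:", mismatched(SAMPLES))
```

Running it over the files saved in the quarantine directory gives an independent view of which attachments actually carry the ZIP encryption flag, to compare against the log entries.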

Re: Checking PDF file as Password-protected archive

Posted: 02 Feb 2021 17:02
by shawniverson
PDFs, eh? Do you have any that are not sensitive to share with me that got flagged? If not, that is okay, I'll try to reproduce independently.