Not scanning in zip files
Posted: 16 Dec 2014 00:09
by fredcyr
Hi,
I'm running version 3.0.0.6 and added the following line in the /etc/Mailscanner/archives.filetype.rules.conf to block screen-saver files in zip files.
Code:
deny \.scr$ No Screen Saver No Screen Saver Allowed
In Mailscanner.conf the "Archives: Filename Rules" is pointing to that file.
I've restarted the Mailscanner service but EFA is letting a SCR file in a ZIP pass through.
Any idea why?
Thanks
Fred
Re: Not scanning in zip files
Posted: 17 Dec 2014 23:47
by shawniverson
In /etc/MailScanner/MailScanner.conf:
Code:
# The maximum depth to which zip archives, rar archives and Microsoft Office
# documents will be unpacked, to allow for checking filenames and filetypes
# within zip and rar archives and embedded within Office documents.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected
# Archives = no. That block password-protected archives but does not do
# any filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 0
You need to set this to a value greater than zero and then restart MailScanner.
Re: Not scanning in zip files
Posted: 19 Dec 2014 16:06
by fredcyr
Thanks!
It's working now.
Re: Not scanning in zip files
Posted: 12 Feb 2015 02:37
by curibe
Can you give more details on what "Maximum Archive Depth" does? I believe the default is -1. What does -1 do?
Re: Not scanning in zip files
Posted: 14 Feb 2015 16:31
by shawniverson
-1 is infinite depth, which is not advisable.
Code:
# The maximum depth to which zip archives, rar archives and Microsoft Office
# documents will be unpacked, to allow for checking filenames and filetypes
# within zip and rar archives and embedded within Office documents.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected
# Archives = no. That block password-protected archives but does not do
# any filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 0
This setting just works for filename and filetype scanning rulesets.
Re: Not scanning in zip files
Posted: 17 Apr 2015 14:23
by rdns
I have set Maximum Archive Depth = 2. Seems like zipped Office 2003 files are blocked. Any suggestions?
Re: Not scanning in zip files
Posted: 18 Apr 2015 14:32
by shawniverson
Can you share more info? What does the zipped file look like (filename)?
Re: Not scanning in zip files
Posted: 21 Apr 2015 11:41
by rdns
Thank you so much. Sender says that Lotus Notes automatically zips the attachments and the attachments are named quote 4-14-15.zip. The zip file contains a .doc file created by MS Word 97-2003.
Re: Not scanning in zip files
Posted: 22 Apr 2015 22:24
by shawniverson
What is the name of the .doc file inside the zipped file?
Re: Not scanning in zip files
Posted: 22 Apr 2015 23:13
by rdns
Same as the zip file name except it has .doc. Sender says they use Lotus Notes. Lotus Notes automatically zips attachments. These zip attachments are very low in size. Less than 200KB.
Re: Not scanning in zip files
Posted: 25 Apr 2015 13:39
by shawniverson
Ok, now, can you post the exact block reason for the zipped doc file as it appears in the blocked file report?
You can find this by clicking the email in MailWatch and looking at the message details.
Re: Not scanning in zip files
Posted: 27 Apr 2015 11:38
by rdns
MailScanner: Message contained archive nested too deeply
Re: Not scanning in zip files
Posted: 27 Apr 2015 23:00
by shawniverson
Thank you.
Increase the depth on this setting...
The problem is that these Office documents are more than 2 levels deep....
Re: Not scanning in zip files
Posted: 28 Apr 2015 11:49
by rdns
I just set this setting to prevent all those .zip file related viruses/Trojans. Everything is working except that one client (big company) who uses an old version of MS Office and zips every single file with Lotus Notes before sending out as an email attachment.
- Not a folder inside a folder and zipped.
- Not a zip inside a zip.
- It's simply a .doc file and it's zipped. Is that 2 levels deep?
Re: Not scanning in zip files
Posted: 30 Apr 2015 17:06
by shawniverson
Yes, a .doc is like a .zip in the eyes of MailScanner. It gets "unzipped" so to speak, to scan its contents.
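A simplified model of the depth setting discussed in this thread, as an added example that is not part of the original posts and is not MailScanner's own code: it applies the `\.scr$` deny pattern to zip members and shows why a limit of 0 lets the file through, why a small limit reports "nested too deeply", and what -1 does. The function names, sample file names and the depth-counting convention are assumptions; Office documents, which the last post says count as a further level, are not modelled.

```python
import io
import re
import zipfile

DENY = re.compile(r"\.scr$", re.IGNORECASE)  # deny pattern from the first post


def make_zip(members):
    """Build a zip in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def check_attachment(name, data, max_depth, depth=0):
    """Return findings for one attachment under a given depth limit.

    Assumed convention: 0 disables checks inside archives, -1 is unlimited,
    N > 0 allows N levels of unpacking. Top-level names (depth 0) are left
    to the ordinary filename rules and are not checked here.
    """
    findings = []
    if depth > 0 and DENY.search(name):
        findings.append(f"denied filename at depth {depth}: {name}")
    if max_depth == 0 or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # checks disabled, or nothing to unpack
    if max_depth > 0 and depth >= max_depth:
        return findings + [f"archive nested too deeply: {name}"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                findings += check_attachment(info.filename, zf.read(info),
                                             max_depth, depth + 1)
    return findings


if __name__ == "__main__":
    # Constructed samples: a .scr in a zip, and the same zip inside a zip.
    single = make_zip({"invoice.scr": b"MZ" + b"\x00" * 64})
    double = make_zip({"inner.zip": single})
    for limit in (0, 1, 2, -1):
        print(limit, check_attachment("single.zip", single, limit),
              check_attachment("double.zip", double, limit))
```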