On one system with amavis I'm encountering an issue with encrypted RAR
files - they are "Passed CLEAN" on a system with "unrar-free" from
Debian (http://packages.debian.org/wheezy/unrar-free) :

Aug 29 16:32:55 scanner amavis[6725]: Found decoder for    .rar  at /usr/bin/unrar-free
...
Aug 29 16:10:45 scanner amavis[23731]: (23731-01) Passed CLEAN, [IP] [IP], filename: (), mail_id: , Message-ID: <822.1377784982@HOSTNAME>, Hits: -, size: 929, queued_as: 5558663, scan_time: 110 ms, <[email protected]> -> <[email protected]>


While on mail.charite.de with amavisd-new-2.8.1 (using "rar" from
Ubuntu) I'm getting "Passed UNCHECKED", as expected:

Aug 29 16:25:39 mail amavis[16749]: Found decoder for    .rar  at /usr/bin/rar
...
Aug 29 15:57:39 mail amavis[26959]: (26959-05) Checking: 5iuKFtoOi-87 [209.85.212.169] <[email protected]> -> <[email protected]>
Aug 29 15:57:39 mail amavis[26959]: (26959-05) p003 1 Content-Type: multipart/mixed
Aug 29 15:57:39 mail amavis[26959]: (26959-05) p001 1/1 Content-Type: text/plain, size: 6 B, name: 
Aug 29 15:57:39 mail amavis[26959]: (26959-05) p002 1/2 Content-Type: application/rar, size: 91 B, name: test.rar
Aug 29 15:57:39 mail amavis[26959]: (26959-05) do_unrar: p002, 1 members are encrypted, none extracted, archive retained
Aug 29 15:57:45 mail amavis[26959]: (26959-05) FWD from <[email protected]> -> <[email protected]>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3cQlkx0shTzCrFw
Aug 29 15:57:45 mail amavis[26959]: (26959-05) Passed UNCHECKED {RelayedInbound}, [209.85.212.169]:43540 [209.85.212.169] <[email protected]> -> <[email protected]>, Message-ID: <can3odnhssrgdnptsmrqejgausyy1vxmm5r2en7mr28v-hhq...@mail.gmail.com>, mail_id: 5iuKFtoOi-87, Hits: -2.775, size: 2068, queued_as: 3cQlkx0shTzCrFw, dkim_sd=20120113:gmail.com, 5369 ms

Uninstalling "rar" in favour of "unrar-free" gives me the same "Passed
CLEAN" behaviour on mail.charite.de.

Bug in unrar-free? Bug in amavis (maybe unrar-free is called in an
inappropriate way?)

-- 
Ralf Hildebrandt                   Charite Universitätsmedizin Berlin
[email protected]        Campus Benjamin Franklin
http://www.charite.de              Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
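
An added example, not part of the original post and not amavis or unrar code: one way to check, independently of whichever unrar is installed, whether a RAR attachment has encrypted members, by reading the RAR 1.5-4.x block header flags directly. The flag values and field offsets follow the RAR 4.x format; the function name, the verdict strings and the _sample builder (a constructed archive with zeroed CRC fields) are assumptions made for this example.

```python
import struct

MARKER = b"Rar!\x1a\x07\x00"   # RAR 1.5-4.x signature (RAR 5 uses another)
MAIN_HEAD, FILE_HEAD = 0x73, 0x74
MHD_PASSWORD = 0x0080           # main header flag: block headers are encrypted
LHD_PASSWORD = 0x0004           # file header flag: member data is encrypted
LHD_LARGE = 0x0100              # file header flag: 64-bit size fields present
LONG_BLOCK = 0x8000             # ADD_SIZE follows the 7-byte base header

def rar4_encryption_status(data):
    """Return (verdict, names of encrypted members) without running any unrar."""
    if not data.startswith(MARKER):
        return "not-rar4", []
    pos, encrypted = len(MARKER), []
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7 or pos + hsize > len(data):
            return "malformed", encrypted
        if htype == MAIN_HEAD and flags & MHD_PASSWORD:
            return "headers-encrypted", []   # member list itself is unreadable
        add = 0
        if htype == FILE_HEAD:
            if hsize < (40 if flags & LHD_LARGE else 32):
                return "malformed", encrypted
            add = struct.unpack_from("<I", data, pos + 7)[0]     # PACK_SIZE
            name_len = struct.unpack_from("<H", data, pos + 26)[0]
            name_off = pos + 32
            if flags & LHD_LARGE:                                # HIGH_PACK_SIZE
                add |= struct.unpack_from("<I", data, pos + 32)[0] << 32
                name_off += 8
            if flags & LHD_PASSWORD:
                name = data[name_off:name_off + name_len]
                encrypted.append(name.decode("latin-1"))
        elif flags & LONG_BLOCK:
            add = struct.unpack_from("<I", data, pos + 7)[0]     # ADD_SIZE
        pos += hsize + add          # skip header and any packed data
    return ("encrypted" if encrypted else "plain"), encrypted

def _sample(file_flags, main_flags=0, name=b"test.txt", body=b"\x00" * 16):
    """Constructed archive for testing: CRC fields are zero, body is filler."""
    main = struct.pack("<HBHHHI", 0, MAIN_HEAD, main_flags, 13, 0, 0)
    fhdr = struct.pack("<HBHHIIBIIBBHI", 0, FILE_HEAD, file_flags | LONG_BLOCK,
                       32 + len(name), len(body), len(body), 0, 0, 0, 29, 0x33,
                       len(name), 0x20)
    return MARKER + main + fhdr + name + body

if __name__ == "__main__":
    print(rar4_encryption_status(_sample(LHD_PASSWORD)))   # encrypted member
    print(rar4_encryption_status(_sample(0)))              # plain member
```

A verdict of "encrypted" or "headers-encrypted" on an attachment that was logged as "Passed CLEAN" points at the decoder step rather than at the mail itself.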
