I modified a 42.zip to contain some password protected components. This archive is "Passed CLEAN" instead of falling in the UNCHECKED category. Note that 7-zip is being used to unpack the ZIP files.
The logs: Sep 10 10:53:03 mail amavis[9319]: (09319-09) ESMTP::10025 /var/amavis/amavis-20130910T105000-09319-V27h_cGX: <[email protected]> -> <[email protected]> SIZE=59586 RET=HDRS Received: from mail.charite.de ([127.0.0.1]) by localhost (mail.charite.de [127.0.0.1]) (amavisd-new, port 10025) with ESMTP for <[email protected]>; Tue, 10 Sep 2013 10:53:03 +0200 (CEST) Sep 10 10:53:03 mail amavis[9319]: (09319-09) dkim: VALID Author+Sender+MailFrom signature by d=sys4.de, From: <[email protected]>, a=rsa-sha256, c=relaxed/simple, s=mail201205, [email protected] Sep 10 10:53:03 mail amavis[9319]: (09319-09) Checking: ICDGt5otIlHh [194.126.158.139] <[email protected]> -> <[email protected]> Sep 10 10:53:03 mail amavis[9319]: (09319-09) p003 1 Content-Type: multipart/mixed Sep 10 10:53:03 mail amavis[9319]: (09319-09) p001 1/1 Content-Type: text/plain, size: 6 B, name: Sep 10 10:53:03 mail amavis[9319]: (09319-09) p002 1/2 Content-Type: application/zip, size: 42838 B, name: Test42Test.zip Sep 10 10:53:03 mail amavis[9319]: (09319-09) (!!)collect_results from [12001] (/usr/bin/7za): exit 2 \n7-Zip (A) [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18\np7zip Version 9.20 (locale=C,Utf16=off,HugeFiles=on,4 CPUs)\n\nProcessing archive: /var/amavis/amavis-20130910T105000-09319-V27h_cGX/parts/p002\n\nExtracting lib 0.zip\nEnter password (will not be echoed) : Data Error in encrypted file. Wrong password?\nExtracting lib 1.zip Data Error in encrypted file. Wrong password?\nExtracting lib 2.zip Data Error in encrypted file. Wrong password?\nExtracting lib 3.zip Data Error in encrypted file. Wrong password?\nExtracting lib 4.zip Data Error in encrypted file. Wrong password?\nExtracting lib 5.zip Data Error in encrypted file. Wrong password?\nExtracting lib 6.zip Data Error in encrypted file. Wrong password?\nExtracting lib 7.zip Data Error in encrypted file. Wrong password?\nExtracting lib 8.zip Data Error in encrypted file . Wrong passwo... Sep 10 10:53:03 mail amavis[9319]: (09319-09) (!!)...rd?\nExtracting lib 9.zip Data Error in encrypted file. Wrong password?\nExtracting lib a.zip Data Error in encrypted file. Wrong password?\nExtracting lib b.zip Data Error in encrypted file. Wrong password?\nExtracting lib c.zip Data Error in encrypted file. Wrong password?\nExtracting lib d.zip Data Error in encrypted file. Wrong password?\nExtracting lib e.zip Data Error in encrypted file. Wrong password?\nExtracting lib f.zip Data Error in encrypted file. Wrong password?\n\nSub items Errors: 16\n\n Sep 10 10:53:08 mail amavis[9319]: (09319-09) FWD from <[email protected]> -> <[email protected]>,RET=HDRS BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3cZ0Pw04nlzCr1W Sep 10 10:53:08 mail amavis[9319]: (09319-09) Passed CLEAN {RelayedInbound}, [10.0.0.1]:44393 [10.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: ICDGt5otIlHh, Hits: -4.144, size: 60340, queued_as: 3cZ0Pw04nlzCr1W, dkim_sd=mail201205:sys4.de, 4557 ms Sep 10 10:53:08 mail amavis[9319]: (09319-09) OS_fingerprint: 10.0.0.1 -4.144 ham.UNKNOWN - UNKNOWN [S10:52:1:60:M1460,S,T,N,W0:.:?:?] [priority1] (up: 354 hrs), (link: ethernet/modem) Sep 10 10:53:08 mail amavis[9319]: (09319-09) TIMING-SA [total 4318 ms, cpu 436 ms] - parse: 4 (0.1%), extract_message_metadata: 12 (0.3%), get_uri_detail_list: 0.54 (0.0%), tests_pri_-1000: 6 (0.1%), tests_pri_-950: 1.10 (0.0%), tests_pri_-900: 1.15 (0.0%), tests_pri_-400: 2615 (60.6%), check_bayes: 2606 (60.4%), b_tokenize: 3 (0.1%), b_tok_get_all: 1.83 (0.0%), b_comp_prob: 1.73 (0.0%), b_tok_touch_all: 0.08 (0.0%), b_finish: 2327 (53.9%), tests_pri_0: 1627 (37.7%), check_spf: 127 (2.9%), poll_dns_idle: 113 (2.6%), check_dcc: 1453 (33.7%), tests_pri_500: 6 (0.1%), tests_pri_1000: 18 (0.4%), total_awl: 16 (0.4%), check_awl: 0.16 (0.0%), update_awl: 0.07 (0.0%), learn: 8 (0.2%), get_report: 1.16 (0.0%) Sep 10 10:53:08 mail amavis[9319]: (09319-09) size: 60340, TIMING [total 4562 ms, cpu 580 ms, AM-cpu 144 ms, SA-cpu 436 ms] - SMTP greeting: 2 (0%)0, SMTP EHLO: 0 (0%)0, SMTP pre-MAIL: 0 (0%)0, SMTP pre-DATA-flush: 2 (0%)0, SMTP DATA: 1 (0%)0, check_init: 0 (0%)0, digest_hdr: 2 (0%)0, digest_body_dkim: 7 (0%)0, mime_decode: 14 (0%)1, get-file-type2: 18 (0%)1, ren0-unl16-files16: 77 (2%)3, decompose_part: 0 (0%)3, get-file-type0: 0 (0%)3, parts_decode: 0 (0%)3, check_header: 0 (0%)3, AV-scan-1: 57 (1%)4, spam-wb-list: 1 (0%)4, SA msg read: 1 (0%)4, SA parse: 5 (0%)4, SA check: 4306 (94%)99, decide_mail_destiny: 9 (0%)99, notif-quar: 0 (0%)99, fwd-connect: 4 (0%)99, fwd-xforward: 0 (0%)99, fwd-mail-pip: 1 (0%)99, fwd-rcpt-pip: 0 (0%)99, fwd-data-chkpnt: 0 (0%)99, write-header: 1 (0%)99, fwd-data-contents: 1 (0%)99, fwd-end-chkpnt: 42 (1%)100, prepare-dsn: 1 (0%)100, main_log_entry: 5 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 0 (0%)100, unlink-2-files : 0 (0%)100, r... Sep 10 10:53:08 mail amavis[9319]: (09319-09) ...undown: 1 (0%)100 Sep 10 10:53:08 mail amavis[9319]: (09319-09) size: 60340, RUSAGE minflt=10074+3749, majflt=0+0, nswap=0+0, inblock=0+0, oublock=21352+0, msgsnd=0+0, msgrcv=0+0, nsignals=0+0, nvcsw=81+3, nivcsw=37+5, maxrss=131420+128696, ixrss=0+0, idrss=0+0, isrss=0+0, utime=0.432+0.036, stime=0.088+0.024 Sep 10 10:53:08 mail amavis[9319]: (09319-09) extra modules loaded: unicore/lib/Hex/Y.pl -- Ralf Hildebrandt Charite Universitätsmedizin Berlin [email protected] Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
