So what happens when you try to extract an unencrypted 7z archive using the internal decoder? Does that work?

On 9/14/2016 8:10 AM, Hoyer-Reuther, Christian wrote:
Hello,

Our mailserver runs amavisd-new-2.10.1 on Debian Jessie. Regarding encrypted 
archives I configured $undecipherable_subject_tag = '+++Virus scan failed+++ ' 
so the recipient is notified that the archive could not be scanned.

But when 7z or 7za is used as decoder of an encrypted archive then the subject 
is not modified.

According to the release notes this problem seems to be fixed in amavisd-new-2.11.0 
("updated decoder for 7z archives to improve handling of encrypted content; based on 
a patch by Markus Benning").

I don't know if 2.11.0 will be available on Jessie (or at least the fix for 
7z), but for the moment I use the internal decoder for zip files as a 
workaround. Then it works and the subject is modified.

I would like to know if there are any drawbacks when I use the internal decoder 
instead of 7z for zip files.

Regards,

Christian

A few details follow:

Debian Jessie package versions:
ii  amavisd-new                    1:2.10.1-2~deb8u1           all
ii  p7zip-full                     9.20.1~dfsg.1-4.1+deb8u2    amd64

Test with 7z:
amavis[6356]: (06356-01) (!!)collect_results from [6416] (/usr/bin/7z): exit 2 
\n7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18\np7zip 
Version 9.20 (locale=C,Utf16=off,
HugeFiles=on,8 CPUs)\n\nProcessing archive: 
/var/lib/amavis/tmp/amavis-20160914T130733-06356-PkD36RYR/parts/p002\n\nExtracting
  eicar.txt\nEnter password (will not be echoed) :     CRC Failed in encrypted
file. Wrong password?\n\nSub items Errors: 1\n\n

Test with 7za:
amavis[6566]: (06566-01) (!!)collect_results from [6610] (/usr/bin/7za): exit 2 
\n7-Zip (A) [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18\np7zip 
Version 9.20 (locale=C,
Utf16=off,HugeFiles=on,8 CPUs)\n\nProcessing archive: 
/var/lib/amavis/tmp/amavis-20160914T131036-06566-OSv3L3u_/parts/p002\n\nExtracting
  eicar.txt\nEnter password (will not be echoed) :     CRC Failed in
encrypted file. Wrong password?\n\nSub items Errors: 1\n\n

Test with internal decoder:
amavis[6804]: (06804-01) do_unzip: p002, 1 members are encrypted, none 
extracted, archive retained

decoders and subject tag settings in /etc/amavis/conf.d/50-user:
$gzip       = 'gzip';
$bzip2      = 'bzip2';
$lzop       = 'lzop';
$rpm2cpio   = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = ['7z', 'cabextract'];
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc        = ['nomarch', 'arc'];
$unarj      = ['arj', 'unarj'];
$unrar      = ['rar', 'unrar'];
$zoo        = 'zoo';
$lha        = 'lha';
$pax        = 'pax';
$cpio       = 'cpio';
$ar         = 'ar';
$ripole     = 'ripole';
$dspam      = 'dspam';
unshift(@decoders,
   # ['zip', \&Amavis::Unpackers::do_7zip, ['7z','7za'] ],
   ['zip', \&Amavis::Unpackers::do_unzip],
);
$undecipherable_subject_tag = '+++Virus scan failed+++ ';

decoders log at amavis startup:
amavis[6803]: Internal decoder for .zip
amavis[6803]: Internal decoder for .mail
amavis[6803]: No ext program for   .F, tried: unfreeze, freeze -d, melt, fcat
amavis[6803]: Found decoder for    .Z    at /bin/uncompress
amavis[6803]: Found decoder for    .gz   at /bin/gzip -d
amavis[6803]: Internal decoder for .gz   (backup, not used)
amavis[6803]: Found decoder for    .bz2  at /bin/bzip2 -d
amavis[6803]: Found decoder for    .xz   at /usr/bin/xz -dc
amavis[6803]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
amavis[6803]: Found decoder for    .lrz  at /usr/bin/lrzip -q -k -d -o -
amavis[6803]: Found decoder for    .lzo  at /usr/bin/lzop -d
amavis[6803]: Found decoder for    .lz4  at /usr/bin/lz4c -d
amavis[6803]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
amavis[6803]: Found decoder for    .cpio at /bin/pax
amavis[6803]: Found decoder for    .tar  at /bin/pax
amavis[6803]: Found decoder for    .deb  at /usr/bin/ar
amavis[6803]: Found decoder for    .rar  at /usr/bin/unrar
amavis[6803]: Found decoder for    .arj  at /usr/bin/arj
amavis[6803]: Found decoder for    .arc  at /usr/bin/nomarch
amavis[6803]: Found decoder for    .zoo  at /usr/bin/zoo
amavis[6803]: Found decoder for    .doc  at /usr/bin/ripole
amavis[6803]: Found decoder for    .cab  at /usr/bin/7z
amavis[6803]: Internal decoder for .tnef
amavis[6803]: Found decoder for    .zip  at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .kmz  at /usr/bin/7za
amavis[6803]: Internal decoder for .zip  (backup, not used)
amavis[6803]: Internal decoder for .kmz  (backup, not used)
amavis[6803]: Found decoder for    .7z   at /usr/bin/7za
amavis[6803]: Found decoder for    .gz   at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .bz2  at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .Z    at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .tar  at /usr/bin/7za (backup, not used)
amavis[6803]: Found decoder for    .xz   at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .lzma at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .jar  at /usr/bin/7z
amavis[6803]: Found decoder for    .cpio at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .arj  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .rar  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .swf  at /usr/bin/7z
amavis[6803]: Found decoder for    .lha  at /usr/bin/7z
amavis[6803]: Found decoder for    .iso  at /usr/bin/7z
amavis[6803]: Found decoder for    .cab  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .deb  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .rpm  at /usr/bin/7z (backup, not used)
amavis[6803]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; 
/usr/bin/arj
amavis[6803]: No decoder for       .F


--
Hermes Secure Email Gateway
Hermes Secure Email Gateway combines Open Source technologies such as Postfix, Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail under one unified web-based GUI for easy administration and management of your incoming and outgoing email for your organization. Anti-spam, anti-virus and anti-malware protection, encrypted S/MIME, encrypted PDF and SMTP TLS support, built-in email archiving, end-user self-service web GUI.

Download the free open-source appliance at:
http://www.deeztek.com/hermes-secure-email-gateway/
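
A log check built on the lines quoted in this thread, as an added example that is not part of the original messages or of amavisd-new: it separates messages where 7z/7za stopped at a password prompt (which, per the report above, are not subject-tagged on 2.10.1) from messages where do_unzip reported encrypted members. The function names are hypothetical, and the sample lines are the thread's log lines re-joined and shortened.

```python
import re

# Constructed sample: the log lines quoted in the thread, re-joined onto one
# line each and shortened, plus one startup line that must be ignored.
SAMPLE_LOG = r"""
amavis[6356]: (06356-01) (!!)collect_results from [6416] (/usr/bin/7z): exit 2 \n7-Zip [64] 9.20\n\nExtracting  eicar.txt\nEnter password (will not be echoed) :     CRC Failed in encrypted file. Wrong password?\n\nSub items Errors: 1\n\n
amavis[6566]: (06566-01) (!!)collect_results from [6610] (/usr/bin/7za): exit 2 \n7-Zip (A) [64] 9.20\n\nExtracting  eicar.txt\nEnter password (will not be echoed) :     CRC Failed in encrypted file. Wrong password?\n\nSub items Errors: 1\n\n
amavis[6804]: (06804-01) do_unzip: p002, 1 members are encrypted, none extracted, archive retained
amavis[6803]: Found decoder for    .7z   at /usr/bin/7za
"""

# amavisd log prefix: "amavis[pid]: (am_id) message"
PREFIX = re.compile(r"amavis\[\d+\]: \((?P<am_id>[\w-]+)\) (?P<msg>.*)")
# External 7z/7za decoder exiting with a non-zero status
EXTERNAL = re.compile(
    r"collect_results from \[\d+\] \((?P<prog>[^)]*/7za?)\): exit (?P<rc>[1-9]\d*)")
# Text 7z prints when it needs (or was given a wrong) password
PASSWORD = re.compile(r"Enter password|Wrong password\?")
# Internal do_unzip decoder recognising encrypted members
INTERNAL = re.compile(
    r"do_unzip: (?P<part>[^,\s]+), (?P<n>\d+) members are encrypted")


def classify(log_text):
    """Return one finding per log line that shows an encrypted archive."""
    findings = []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue  # startup lines and others carry no (am_id)
        msg = m["msg"]
        ext, internal = EXTERNAL.search(msg), INTERNAL.search(msg)
        if ext and PASSWORD.search(msg):
            findings.append({"am_id": m["am_id"], "decoder": ext["prog"],
                             "recognised": False})
        elif internal:
            findings.append({"am_id": m["am_id"], "decoder": "do_unzip",
                             "recognised": True, "members": int(internal["n"])})
    return findings


def unflagged_ids(findings):
    """am_ids where 7z/7za hit a password prompt and nothing reported encryption."""
    ok = {f["am_id"] for f in findings if f["recognised"]}
    return [f["am_id"] for f in findings
            if not f["recognised"] and f["am_id"] not in ok]


if __name__ == "__main__":
    for am_id in unflagged_ids(classify(SAMPLE_LOG)):
        print(f"{am_id}: encrypted archive not recognised as undecipherable")
```

The ids it returns can be matched against the delivered mail to confirm whether the subject tag was applied.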