23.11.2017 13:48, Philipp Gesang wrote:

Hello!


Now I can use rar or unrar again and amavisd adds UNCHECKED to the message subject :-)
This is great!

But for me it is still not perfect: as you can see, the archive contains an executable, namely a file with a .scr extension, which should be blocked by amavis according to our configuration, but the message passes UNCHECKED. The file can't be extracted under any locale, but its Latin part, namely the extension, can be read anyway and blocked.

Is it possible to do something about this?

Thank you!


Hi,

-<| Quoting Philipp Gesang <[email protected]>, on Wednesday, 2017-11-22 01:29:33 PM |>-
-<| Quoting Dmitry Melekhov <[email protected]>, on Wednesday, 2017-11-22 04:09:47 PM |>-
22.11.2017 14:49, Dmitry Melekhov wrote:
I run Ubuntu 16.04 server with amavisd-new 2.10.1, but it looks like 2.11.0
has the same code.

Today I found that amavisd-new can't check attachments using rar or
unrar-nonfree.

If the file has only Latin characters then the message arrives UNCHECKED;
if it has Cyrillic in UTF-8 then rar or unrar exits with an exit code and
the message passes without any warnings.

This sounds interesting. Would it be possible to send me a file
like this off-list for testing?

Thanks to Dmitry’s sample we were able to cover another corner
case in the unrar handler.

Besides malware, the archive contains filenames encoded in UTF-8
that unrar extracts fine in a UTF-8 locale but not in the C
locale. Amavisd ignores the failure during extraction because the
listing succeeded earlier, which it does under any locale.

See attached patch.

Best,
Philipp



/tmp/malware # LC_ALL=en_US.UTF-8 unrar x falspositive.rar

UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal


Extracting from falspositive.rar

Extracting  Для сверки для сверки.scr                                 OK
All OK
/tmp/malware # LC_ALL=C unrar x falspositive.rar

UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal


Extracting from falspositive.rar

Cannot create ??? ?????? ??? ??????.scr
No such file or directory
No files to extract
/tmp/malware # echo $?
10
/tmp/malware # LC_ALL=en_US.UTF-8 unrar l falspositive.rar

UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal

Archive: falspositive.rar
Details: RAR 5

  Attributes      Size     Date    Time   Name
----------- ---------  ---------- -----  ----
     ..A....    211968  2017-11-22 07:38  Для сверки для сверки.scr
----------- ---------  ---------- -----  ----
                211968                    1

/tmp/malware # LC_ALL=C unrar l falspositive.rar

UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal

Archive: falspositive.rar
Details: RAR 5

  Attributes      Size     Date    Time   Name
----------- ---------  ---------- -----  ----
     ..A....    211968  2017-11-22 07:38  ??? ?????? ??? ??????.scr
----------- ---------  ---------- -----  ----
                211968                    1
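
The following Python example is added here and is not taken from the thread, the attached patch or amavisd itself. It parses the `unrar l` table shown above and combines it with the extraction exit status, so that a name mangled under the C locale still yields its extension and a failed extraction is never treated as a scanned archive. The banned-extension set, the function names and the verdict labels other than UNCHECKED are assumptions made for the example.

```python
import re

# Sample input: `unrar l` output under LC_ALL=C, as shown in the session above.
LISTING_C = """\
Archive: falspositive.rar
Details: RAR 5

  Attributes      Size     Date    Time   Name
----------- ---------  ---------- -----  ----
     ..A....    211968  2017-11-22 07:38  ??? ?????? ??? ??????.scr
----------- ---------  ---------- -----  ----
                211968                    1
"""

# Assumed site policy for this example, not amavisd's default list.
BANNED_EXT = {"scr", "exe", "pif", "com", "bat"}

# attributes, size, date, time, two spaces, then the (possibly mangled) name
ROW = re.compile(r"^\s*\S+\s+\d+\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s{2}(.*)$")

def listed_names(listing):
    """Return member names from the rows between the two dashed rulers."""
    names, in_table = [], False
    for line in listing.splitlines():
        if line.startswith("-----"):
            in_table = not in_table
        elif in_table:
            m = ROW.match(line)
            if m:
                names.append(m.group(1))
    return names

def verdict(listing, extract_rc):
    """Decide from the listing first, then from the extraction exit status."""
    names = listed_names(listing)
    banned = [n for n in names
              if "." in n and n.rsplit(".", 1)[1].lower() in BANNED_EXT]
    if banned:
        return "BANNED", banned      # the ASCII extension survives the "?" mangling
    if extract_rc != 0:
        return "UNCHECKED", names    # listed but not extracted: nothing was scanned
    return "SCAN", names

if __name__ == "__main__":
    print(verdict(LISTING_C, 10))    # 10 is the exit status seen under LC_ALL=C
```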

