On 16/06/2025 21:41, Martin Kellermann wrote:
> Hi,
>
> It could be a password-protected zip attachment that prevents the
> virus scanner from opening and scanning the contents…
>
> regards
> MK

Thanks for the info.

I've managed to work it out by taking a copy of one of the problematic
messages and progressively simplifying it and testing. What I've found
is that the problem is triggered by having a multi-part message, where
one or more parts contain multiple Content-Transfer-Encoding headers...

I've attached two files. If you compare them you'll see that the only
difference between good.txt and bad.txt is that bad.txt has an extra
Content-Transfer-Encoding header within the first part of the multi-part
message.

If you want to replicate my test, please run the following command on
the server with Amavis, but replace u...@example.com with your own email
address:

sendmail u...@example.com < bad.txt

You should find bad.txt arrives with a subject of "***UNCHECKED***
Testing" (whereas good.txt has the unmodified subject of "Testing").

Is this a bug that should be fixed in Amavis? Or ClamAV? Or is it
expected that having an extra header like this makes the message invalid
and therefore shouldn't be virus scanned?

Thanks,
Nick.

Subject: Testing
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==BOUNDARY=="

--==BOUNDARY==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Test 1.
--==BOUNDARY==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Test 2.
--==BOUNDARY==--

Subject: Testing
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==BOUNDARY=="

--==BOUNDARY==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Transfer-Encoding: quoted-printable

Test 1.
--==BOUNDARY==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Test 2.
--==BOUNDARY==--
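
A way to find messages with the condition described in the message above before they reach the scanner, as an added example that is not part of the original thread and is not Amavis or ClamAV code. It uses Python's standard `email` parser; the function name, the path labels, and the choice to also check Content-Type and Content-Disposition are assumptions that go beyond the single header the thread discusses.

```python
from email import message_from_string
from email.message import Message

# Assumption for this example: these headers should occur at most once per
# MIME entity. The thread itself only covers Content-Transfer-Encoding.
SINGLE_INSTANCE = ("Content-Transfer-Encoding", "Content-Type", "Content-Disposition")


def duplicate_mime_headers(raw: str) -> list[tuple[str, str, list[str]]]:
    """Return (part_path, header, values) for each header repeated in an entity.

    part_path is "top" for the outer message, "1", "2", ... for its parts and
    "1.2" style for nested parts.
    """
    findings = []

    def walk(entity: Message, path: tuple[int, ...]) -> None:
        label = ".".join(map(str, path)) or "top"
        for name in SINGLE_INSTANCE:
            values = [str(v) for v in entity.get_all(name, [])]
            if len(values) > 1:
                findings.append((label, name, values))
        if entity.is_multipart():
            for index, child in enumerate(entity.get_payload(), start=1):
                walk(child, path + (index,))

    walk(message_from_string(raw), ())
    return findings


# Constructed from the two test messages quoted in the thread.
PART = ('--==BOUNDARY==\nMIME-Version: 1.0\n'
        'Content-Type: text/plain; charset="utf-8"\n'
        '{cte}\n\nTest {n}.\n')
CTE = "Content-Transfer-Encoding: quoted-printable"
HEAD = ('Subject: Testing\nMIME-Version: 1.0\n'
        'Content-Type: multipart/mixed; boundary="==BOUNDARY=="\n\n')
END = "--==BOUNDARY==--\n"
GOOD = HEAD + PART.format(cte=CTE, n=1) + PART.format(cte=CTE, n=2) + END
BAD = HEAD + PART.format(cte=CTE + "\n" + CTE, n=1) + PART.format(cte=CTE, n=2) + END

if __name__ == "__main__":
    for name, raw in (("good.txt", GOOD), ("bad.txt", BAD)):
        print(name, duplicate_mime_headers(raw) or "no repeated headers")
```

Run over a quarantine or archive directory, the findings identify which part of each message carries the repeated header, which helps correlate "***UNCHECKED***" subjects with their cause.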