Excellent. We'll just deny 7zip for now until the library is patched.
Probably overkill in terms of security, but is there really such a thing?
Thanks.
On Sun, May 15, 2016 at 3:36 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> Type detection (and possibly decompression +detection) is every time done
> before a virus scan. Both has nothing to do with each other.
> ASSP_AFC every time sends the MIME decoded content of the attachment to
> the virus scanner (not the decompressed content!)
> The decompression engine used by the virus scanner is not controlled by
> ASSP_AFC.
>
>
> 1) Yes
> 2) An 7z exeutable is only used, if Archive::Rar::Passthrough is installed
> and 'libarchive' (Archive::Libarchive::XS) is not installed or a 7z unique
> compression mode is used.
> In any case it is recommended to install Archive::Libarchive::XS to
> prevent assp from calling system executables.
>
> Thomas
>
>
> Von: K Post <nntp.p...@gmail.com>
> An: ASSP development mailing list <assp-test@lists.sourceforge.net>
> Datum: 15.05.2016 01:32
> Betreff: Re: [Assp-test] 7-zip vulnerability
>
>
>
> Right, but what's to stop a malicious actor from emailing a TINY infected
> one of these inside a .7zip file?
>
> Curious:
> 1) Is ASSP able to detect .7z files as a type. I'm talkinga bout it
> knowing that a 7-zip file that is emailed using a random extension like
> .bla being caught as a prohibited type regardless of the extension.
>
> 2) If we prohibit all .7z files, will the content type be detected BEFORE
> the file is scanned by ClamAV (and thereby opened by the 7-zip
> executable)?
>
>
> On Fri, May 13, 2016 at 12:04 PM, Thomas Eckardt
> <thomas.ecka...@thockar.com
> > wrote:
>
> > Never saw a DVD-Video, DVD-Audio or HFS+ emailed.
> >
> > Thomas
> >
> >
> >
> >
> >
> > Von: K Post <nntp.p...@gmail.com>
> > An: ASSP development mailing list <assp-test@lists.sourceforge.net>
> > Datum: 13.05.2016 17:55
> > Betreff: [Assp-test] 7-zip vulnerability
> >
> >
> >
> > I always worry when software calls other software....
> >
> > Now that ASSP supports 7-zip, what can we do to insure we're protected?
> > http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
> >
> > Is it just a matter of waiting for the libraries to be updated?
> >
> >
>
> ------------------------------------------------------------------------------
> > Mobile security can be enabling, not merely restricting. Employees who
> > bring their own devices (BYOD) to work are irked by the imposition of
> MDM
> > restrictions. Mobile Device Manager Plus allows you to control only the
> > apps on BYO-devices by containerizing them, leaving personal data
> > untouched!
> > https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
> >
> >
>
> ------------------------------------------------------------------------------
> > Mobile security can be enabling, not merely restricting. Employees who
> > bring their own devices (BYOD) to work are irked by the imposition of
> MDM
> > restrictions. Mobile Device Manager Plus allows you to control only the
> > apps on BYO-devices by containerizing them, leaving personal data
> > untouched!
> > https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
>
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data
> untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data
> untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
