I stumbled on this is the bounce report:
[spam found] bad attachment 'thefile.xlsx' cause: 'compressed file
'thefile.xlsx' - contains forbidden file
c:/assp/tmp/zip_3_1478548021/.10/xl/printerSettings/printerSettings1.bin'
[FW Data]
Turns out there's a lot of them. Sample of one of the macro free xlsx the
files is attached hopefully for your review. If I send this file to myself
from the outside, it's stripped.
I know that Exel's xlsx are compressed xml files. If I open the sample
xmlx file in 7zip, I can see the zip structure, I don't know what Excel is
doing, but there is a printerSettings1.bin file in there, I assume for
printer settings, but this is causing AFC (I believe) to remove the zip.
In UserAttach I have:
# look in zips for these bad files too
zip:* => block => exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|*bin*
|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm
Level 1 is
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm
and Level 2 is (the same as level 1, but surrounded by () and ending in
.zip to catch these types within a zip
(exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm).zip
Obviously, the quick fix is to remove .bin from the UserAttach file, but
that would allow zip files containing bin through... Questions:
1) Is there a better way other than allowing bin files in zips? It's not
like Office documents are unusual files these days. We have no choice but
to deal with them. Microsoft's decision to make them zip files containing
other content could be a good one for us.
2) Is my Level 2 line necessary with AFC installed or is is redundant?
3) Semi-related: based on the info above, any idea why dll files, including
those within a zip, are allowed through? Shouldn't the exe-bin line catch
them and if not, the dll entries?
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
