It was not worth the try. But it looks like setting the pathname forces
internaly (in libarchive) a read first, and this fails.
try the following before we go further
open the .eml file in your mail client and extract the attachment
try to decopmress the zip using any or multiple system tools (7z, zip,
gzip ....) what ever you have on hand
is it possible to decompress the attachment?
how are the filenames of the decompressed files?
To get this solved, please forward the .eml as ZIP or the extracted
attachment to my privat email address.
Thomas
Von: James Brown via Assp-test <assp-test@lists.sourceforge.net>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Kopie: James Brown <jlbr...@bordo.com.au>
Datum: 07.06.2017 13:55
Betreff: Re: [Assp-test] Bad Attachment: Pathname cannot be
converted from UTF-8 to current locale.
Jun-07-17 21:50:37 [Main_Thread] Info: analyze detected: IP: '192.168.1.2'
, HELO: 'astaro1.bordo.com.au' , assp-Host: 'mail.bordo.com.au'
Jun-07-17 21:50:38 [Main_Thread] [scoring] DKIM signature verified-OK -
pass - sender policy is: accept - author policy is: accept
Jun-07-17 21:50:38 [Main_Thread] Info: domain qq.com has published a DMARC
record
Jun-07-17 21:50:40 [Main_Thread] Warning: possibly virus infected file
(can't read entry in archive header)
'/assp/tmp/zip_0_1496836240/80000797_798_Shipping_Documents.zip' - <-20> -
Pathname cannot be converted from UTF-8 to current locale. - tried
correction to (/assp/tmp/zip_0_1496836240/.10/) failed - Pathname cannot
be converted from UTF-8 to current locale.
Jun-07-17 21:50:40 [Main_Thread] Warning: warn - libarchive extract
'/assp/tmp/zip_0_1496836240/80000797_798_Shipping_Documents.zip' - <-20> -
Pathname cannot be converted from UTF-8 to current locale.
Jun-07-17 21:50:40 [Main_Thread] HMM Check [scoring] - Prob: 0.00000 =>
ham - answer/query relation: 100% of 275
James.
On 7 Jun 2017, at 7:57 pm, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
James, pipe the mail in question in to the analyzer (GUI or per email) and
watch the maillog.txt.
Thomas
Von: James Brown via Assp-test <assp-test@lists.sourceforge.net>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Kopie: James Brown <jlbr...@bordo.com.au>
Datum: 07.06.2017 11:43
Betreff: Re: [Assp-test] Bad Attachment: Pathname cannot be
converted from UTF-8 to current locale.
Wow, thanks Thomas!
Have put 4.54 on now.
Will see how it goes.
Thanks again,
James.
On 7 Jun 2017, at 6:53 pm, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
James,
I've just published ASSP_AFC 4.54 at SF-CVS.
Until 4.53 - if the conversion error was detected, the plugin stopped
processing.
Now - the plugin tries to change the wrong path name to a valid one.
I'm unable to test this. It may work or not - but it will show why.
Thomas
Von: James Brown via Assp-test <assp-test@lists.sourceforge.net>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Kopie: James Brown <jlbr...@bordo.com.au>
Datum: 07.06.2017 08:11
Betreff: [Assp-test] Bad Attachment: Pathname cannot be converted
from UTF-8 to current locale.
Anyone know how to get these archived scanned by AFC?
Jun-07-17 12:54:17 [Worker_2] Warning: possibly virus infected file (can't
read entry in archive header)
'/assp/tmp/zip_2_1496804057/80000797_798_Shipping_Documents.zip' - <-20> -
Pathname cannot be converted from UTF-8 to current locale.
Jun-07-17 12:54:17 [Worker_2] Warning: warn - libarchive extract
'/assp/tmp/zip_2_1496804057/80000797_798_Shipping_Documents.zip' - <-20> -
Pathname cannot be converted from UTF-8 to current locale.
Jun-07-17 12:54:17 id-04046-19702 [Worker_2] [TLS-out] [Attachment]
192.168.1.2 [OIP: 112.90.139.244] <2832...@qq.com> to:
usern...@bordo.com.au SPAM FOUND bad attachment '80000797&798 Shipping
Documents.zip' cause: 'possibly virus infected file (can't extract
archive)'
Jun-07-17 12:54:17 id-04046-19702 [Worker_2] [TLS-out] 192.168.1.2 [OIP:
112.90.139.244] <2832...@qq.com> to: usern...@bordo.com.au Message-Score:
added 5 (baValencePB) for bad attachment '80000797&798 Shipping
Documents.zip' cause: 'possibly virus infected file (can't extract
archive)', total score for this message is now -20
Jun-07-17 12:54:17 id-04046-19702 [Worker_2] [TLS-out] [Attachment]
192.168.1.2 [OIP: 112.90.139.244] <2832...@qq.com> to:
usern...@bordo.com.au mail blocked by Plugin ASSP_AFC - reason
BadAttachment
Jun-07-17 12:54:17 id-04046-19702 [Worker_2] [TLS-out] [Attachment]
192.168.1.2 [OIP: 112.90.139.244] <2832...@qq.com> to:
usern...@bordo.com.au [spam found] (BadAttachment) [fwd Fw Fw 80000797 798
Shipping Documents] ->
/assp/virii/fwd_Fw_Fw_80000797_798_Shipping_Documents--148368.eml;
ASSP 2.5.6(17151)
AFC 4.53
Thanks,
James.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
