here is full log:
Mar-21-16 15:28:49 [Worker_1] 207.82.80.152 [SMTP Reply] 220 EAIT - Keep it
legit, or keep out
Mar-21-16 15:28:49 [Worker_1] 207.82.80.152 [SMTP Reply] 250 DSN
Mar-21-16 15:28:49 [Worker_1] 207.82.80.152 [SMTP Reply] 220 2.0.0 Ready to
start TLS
Mar-21-16 15:28:49 [Worker_1] [TLS-in] [TLS-out] 207.82.80.152 [SMTP Reply]
250 DSN
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> [SMTP Reply] 250 2.1.0 Ok
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld [SMTP Reply] 250 2.1.5
Ok
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld [SMTP Reply] 354 End
data with <CR><LF>.<CR><LF>
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld Whitelisted sender
address: sen...@remote.tld for recipient r...@local.tld
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld Whitelisted sender
address: sen...@remote.tld for recipient r...@local.tld
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld Admininfo: whitelist
addition: sen...@remote.tld - AutoWhite on sent mail by sen...@remote.tld
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld Admininfo: whitelist
addition: sen...@remote.tld - AutoWhite on sent mail by sen...@remote.tld
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld [Plugin] calling
plugin ASSP_AFC
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld info: attachment
imageda77b6.PNG found for Level-1
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld info: using user based
compressed attachment check
Mar-21-16 15:28:51 [Worker_1] Info: will detect executables in compressed
files
Mar-21-16 15:28:51 [Worker_1] Info: analyzing compressed file
/opt/assp/tmp/zip_1_1458570531/imageda77b6.PNG at zip-level 0
Mar-21-16 15:28:51 [Worker_1] Info: looking for filetype in: .png .x-png
Mar-21-16 15:28:51 [Worker_1] Info:
/opt/assp/tmp/zip_1_1458570531/imageda77b6.PNG seems not to be a compressed
file
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld info: attachment
setupBarraTelefonica.zip found for Level-1
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld info: using user based
compressed attachment check
Mar-21-16 15:28:51 [Worker_1] Info: will detect executables in compressed
files
Mar-21-16 15:28:51 [Worker_1] Info: analyzing compressed file
/opt/assp/tmp/zip_1_1458570531/setupBarraTelefonica.zip at zip-level 0
Mar-21-16 15:28:51 [Worker_1] Info: looking for filetype in: .zip
Mar-21-16 15:28:51 [Worker_1] Info: found compressed file with type: 'zip'
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 207.82.80.152 <sen...@remote.tld> to: r...@local.tld SPAM
FOUND bad attachment 'setupBarraTelefonica.zip' is a 'compressed file
'setupBarraTelefonica.zip' - contains forbidden executable file setup.exe -
type: Win32 EXE'
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 207.82.80.152 <sen...@remote.tld> to: r...@local.tld mail
blocked by Plugin ASSP_AFC - reason BadAttachment
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 207.82.80.152 <sen...@remote.tld> to: r...@local.tld [spam
found] (BadAttachment) [Setup barra telefonica NCO2];
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld [SMTP Reply] 250 OK
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <sen...@remote.tld> to: r...@local.tld [SMTP Reply] 221
<myassp> closing transmission
plugin ASSP_AFC is running with priority 6.
regards,
aqx
On Mon, Mar 21, 2016 at 4:42 PM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> >grep m1-70529-07242 /opt/assp/logs/maillog.txt
>
> Session log contains sometimes no mailID (m1-70529-07242) in the
> loglines. Please post the complete content for this mail
>
> Thomas
>
>
>
> From: aquilinux <aquili...@gmail.com>
> To: For Users of ASSP <assp-user@lists.sourceforge.net>
> Date: 21.03.2016 16:09
> Subject: Re: [Assp-user] bad attachment [...] possibly a virus
> infected file (can't extract archive)'
>
>
>
> Here is another case of not stored message:
>
> root@assp2:~# grep m1-70529-07242 /opt/assp/logs/maillog.txt
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> [SMTP Reply] 250 2.1.0 Ok
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld [SMTP Reply] 250
> 2.1.5
> Ok
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld [SMTP Reply] 354 End
> data with <CR><LF>.<CR><LF>
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld Whitelisted sender
> address: sen...@remote.tld for recipient r...@local.tld
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld Whitelisted sender
> address: sen...@remote.tld for recipient r...@local.tld
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld Admininfo: whitelist
> addition: sen...@remote.tld - AutoWhite on sent mail by sen...@remote.tld
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld Admininfo: whitelist
> addition: sen...@remote.tld - AutoWhite on sent mail by sen...@remote.tld
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld [Plugin] calling
> plugin ASSP_AFC
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld info: attachment
> imageda77b6.PNG found for Level-1
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld info: using user
> based
> compressed attachment check
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld info: attachment
> setupBarraTelefonica.zip found for Level-1
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld info: using user
> based
> compressed attachment check
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> [Attachment] 207.82.80.152 <sen...@remote.tld> to: r...@local.tld SPAM
> FOUND bad attachment 'setupBarraTelefonica.zip' is a 'compressed file
> 'setupBarraTelefonica.zip' - contains forbidden executable file setup.exe
> -
> type: Win32 EXE'
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> [Attachment] 207.82.80.152 <sen...@remote.tld> to: r...@local.tld mail
> blocked by Plugin ASSP_AFC - reason BadAttachment
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> [Attachment] 207.82.80.152 <sen...@remote.tld> to: r...@local.tld [spam
> found] (BadAttachment) [Setup barra telefonica NCO2];
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld [SMTP Reply] 250 OK
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <sen...@remote.tld> to: r...@local.tld [SMTP Reply] 221 <
> assp2.europassistance.it> closing transmission
>
> i had sessionLog to diagnostic, just tell me if you need more lines of
> logs.
>
>
>
>
>
> On Mon, Mar 21, 2016 at 1:07 PM, Thomas Eckardt
> <thomas.ecka...@thockar.com>
> wrote:
>
> > Remains the problem with the not stored .eml file, if ASSP_AFC has
> > blocked. I think this is solved - but who knows?
> >
> > Thomas
> >
> >
> >
> > From: aquilinux <aquili...@gmail.com>
> > To: For Users of ASSP <assp-user@lists.sourceforge.net>
> > Date: 21.03.2016 12:38
> > Subject: Re: [Assp-user] bad attachment [...] possibly a virus
> > infected file (can't extract archive)'
> >
> >
> >
> > Thanks Thomas, it just works!
> >
> > regards,
> > aqx
> >
> > On Mon, Mar 21, 2016 at 12:17 PM, Thomas Eckardt
> > <thomas.ecka...@thockar.com> wrote:
> >
> > > I just published ASSP_AFC 3.29 and 4.21 at CVS - the space problem is
> > > solved.
> > >
> > > Thomas
> > >
> > >
> > >
> > >
> > >
> > > From: aquilinux <aquili...@gmail.com>
> > > To: For Users of ASSP <assp-user@lists.sourceforge.net>
> > > Date: 21.03.2016 11:51
> > > Subject: Re: [Assp-user] bad attachment [...] possibly a virus
> > > infected file (can't extract archive)'
> > >
> > >
> > >
> > > i'm running Perl v5.18.2
> > >
> > > On Mon, Mar 21, 2016 at 11:46 AM, Thomas Eckardt
> > > <thomas.ecka...@thockar.com> wrote:
> > >
> > > > >AFC detection whenever the FOLDER contains spaces
> > > > in the name
> > > >
> > > > Do you use perl 5.16 ?
> > > >
> > > > Thomas
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > > From: aquilinux <aquili...@gmail.com>
> > > > > To: For Users of ASSP <assp-user@lists.sourceforge.net>
> > > > > Date: 21.03.2016 10:35
> > > > > Subject: Re: [Assp-user] bad attachment [...] possibly a virus
> > > > > infected file (can't extract archive)'
> > > >
> > > >
> > > >
> > > > > Hi Thomas, i'm running latest assp.pl and latest AFC plugin with
> > > > > sessionLog diagnostic and AttachmentLog verbose. if i run into the
> > > > > missing mail issue again i'll update this thread.
> > > > >
> > > > > in the meantime, i think that AFC plugin is still failing to detect
> > > > > correct extension for unzipped files with spaces and i could
> > > > > reproduce the issue.
> > > > > let's take the following scenario: a PDF in a FOLDER in a ZIP.
> > > > > assp is ALWAYS failing in AFC detection whenever the FOLDER contains
> > > > > spaces in the name.
> > > > > Any other combination of spaces and no-spaces leads to a correct
> > > > > detection of the FILE extension.
> > > > >
> > > > > Regards,
> > > > > aqx
> > > >
> > > >
> > > > On Fri, Mar 18, 2016 at 4:54 PM, Thomas Eckardt
> > > > <thomas.ecka...@thockar.com>
> > > > wrote:
> > > >
> > > > > > Before you start the test, please upgrade assp.pl and ASSP_AFC.pm
> > > > > > to the latest dev version!
> > > > >
> > > > > Thomas
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > From: aquilinux <aquili...@gmail.com>
> > > > > > To: For Users of ASSP <assp-user@lists.sourceforge.net>
> > > > > > Date: 18.03.2016 16:45
> > > > > > Subject: Re: [Assp-user] bad attachment [...] possibly a virus
> > > > > > infected file (can't extract archive)'
> > > > >
> > > > >
> > > > >
> > > > > > Monday i'll try to reproduce it.
> > > > > > it should be quite easy, since it happened a couple of times
> > > > > > during my attachment blocking tests..
> > > > >
> > > > > On Fri, Mar 18, 2016 at 3:29 PM, Thomas Eckardt
> > > > > <thomas.ecka...@thockar.com>
> > > > > wrote:
> > > > >
> > > > > > > Even the [MessageOK] detection before the plugin is called is
> > > > > > > missing! I can't reproduce this and I've no clue how this can
> > > > > > > happen - I'm sorry.
> > > > > > >
> > > > > > > If you can reproduce this - set SessionLog to diagnostic and
> > > > > > > AttachmentLog to verbose. Or debug such a mail.
> > > > > >
> > > > > > Thomas
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > From: aquilinux <aquili...@gmail.com>
> > > > > > > To: For Users of ASSP <assp-user@lists.sourceforge.net>
> > > > > > > Date: 17.03.2016 13:41
> > > > > > > Subject: Re: [Assp-user] bad attachment [...] possibly a virus
> > > > > > > infected file (can't extract archive)'
> > > > > >
> > > > > >
> > > > > >
> > > > > > > and in this case the message is blocked, but it is not stored
> > > > > > > anywhere:
> > > > > > >
> > > > > > > Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> info: found message size
> > > > > > > announcement: 23.25 kByte
> > > > > > > Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> [SMTP Reply] 250 2.1.0 Ok
> > > > > > > Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld [SMTP Reply]
> > > > > > > 250 2.1.5 Ok
> > > > > > > Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld [SMTP Reply]
> > > > > > > 354 End data with <CR><LF>.<CR><LF>
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld DKIM-Signature
> > > > > > > found
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld info: found
> > > > > > > known good HELO 'smtp.tiscali.it' - weight is -2
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld Message-Score:
> > > > > > > added -40 for KnownGoodHelo, total score for this message is now -40
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld info: domain
> > > > > > > tiscali.it has published a DMARC record
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld strictspf
> > > > > > > Regex: strictSPFRe 'tiscali.it'
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld Message-Score:
> > > > > > > added -15 (pbwValencePB) for In Penalty White Box, total score for
> > > > > > > this message is now -55
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld removed
> > > > > > > Disposition-Notification headers from mail
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld HMM Check
> > > > > > > [scoring] - Prob: 0.00000 => ham - answer/query relation: 22% of 50
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld Bayesian Check
> > > > > > > [scoring] - Prob: 0.00000 => ham - answer/query relation: 71% of 52
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld [Plugin]
> > > > > > > calling plugin ASSP_AFC
> > > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld info: using
> > > > > > > user based compressed attachment check
> > > > > > > Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > [Attachment] 213.205.33.246 <o...@remote.tld> to: i...@local.tld
> > > > > > > SPAM FOUND bad attachment 'N 19 convitto barcellona 20 23 marzo.xlsx'
> > > > > > > is a ' - the file extension: '.xlsx' does not match the content
> > > > > > > based detected file type '''
> > > > > > > Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > [Attachment] 213.205.33.246 <o...@remote.tld> to: i...@local.tld
> > > > > > > mail blocked by Plugin ASSP_AFC - reason BadAttachment
> > > > > > > Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > [Attachment] 213.205.33.246 <o...@remote.tld> to: i...@local.tld
> > > > > > > [spam found] (BadAttachment) [societa sardinia new tavel polizza
> > > > > > > 33489q 19 2016];
> > > > > > > Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld [SMTP Reply]
> > > > > > > 250 OK
> > > > > > > Mar-17-16 13:20:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
> > > > > > > 213.205.33.246 <o...@remote.tld> to: i...@local.tld [SMTP Reply]
> > > > > > > 221 <myassphost> closing transmission
> > > > > > >
> > > > > > > this message is actually marked as spam but it is LOST....
> > > > > >
> > > > > > > On Thu, Mar 17, 2016 at 12:41 PM, aquilinux <aquili...@gmail.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > here's a different case of incorrect detection:
> > > > > > > >
> > > > > > > > Mar-17-16 12:33:38 m1-14417-13392 [Worker_3] [TLS-in] [TLS-out]
> > > > > > > > [Attachment] 92.246.34.74 <o...@remote.tld> to: i...@local.tld
> > > > > > > > SPAM FOUND bad attachment 'Copia di Lista mezzi Truckcenter.xlsx'
> > > > > > > > is a ' - the file extension: '.xlsx' does not match the content
> > > > > > > > based detected file type '''
> > > > > > >
> > > > > > >
> > > > > > > > On Thu, Mar 17, 2016 at 10:40 AM, aquilinux <aquili...@gmail.com>
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > >> Upgraded, thanks.
> > > > > > > >> I have now an issue with another legitimate attachment:
> > > > > > > >>
> > > > > > > >> Mar-17-16 09:37:24 m1-03839-03606 [Worker_4] [TLS-in] [TLS-out]
> > > > > > > >> [Attachment] 212.82.97.124 <sen...@yahoo.it> to: m...@my.tld
> > > > > > > >> SPAM FOUND bad attachment 'CITYLIFE INTERVENTI ESEGUITI
> > > > > > > >> 16.03.16.zip' is a 'compressed file 'CITYLIFE INTERVENTI ESEGUITI
> > > > > > > >> 16.03.16.zip' - contains forbidden executable file CITYLIFE -
> > > > > > > >> type: possibly a virus infected file (can't read)'
> > > > > > > >>
> > > > > > > >> the zip file contains a folder (with spaces), containing 6 PDF
> > > > > > > >> files (with spaces), all clean.
> > > > > > > >> So, i removed the spaces from the zip (in folder and file names)
> > > > > > > >> and now the mail gets through as expected.
> > > > > > > >> I think there is an issue with zip attachment with spaces that
> > > > > > > >> prevents AFC from detecting correct file extensions.
> > > > > > >>
> > > > > > >> Regards,
> > > > > > >>
> > > > > > >> On Thu, Mar 17, 2016 at 7:36 AM, Thomas Eckardt <
> > > > > > >> thomas.ecka...@thockar.com> wrote:
> > > > > > >>
> > > > > > > >>> To detect .emz files you need to upgrade MIME::Types at least
> > > > > > > >>> to version 2.13 (CPAN has it).
> > > > > > >>>
> > > > > > >>> Thomas
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > > >>> From: aquilinux <aquili...@gmail.com>
> > > > > > > >>> To: For Users of ASSP <assp-user@lists.sourceforge.net>
> > > > > > > >>> Date: 16.03.2016 10:08
> > > > > > > >>> Subject: Re: [Assp-user] bad attachment [...] possibly a virus
> > > > > > > >>> infected file (can't extract archive)'
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > > >>> thanks Thomas, i upgraded both assp.pl and plugin.
> > > > > > > >>> now i'm facing this:
> > > > > > > >>>
> > > > > > > >>> Mar-16-16 09:56:08 m1-18566-15642 [Worker_5] [TLS-in] [TLS-out]
> > > > > > > >>> [Attachment] 92.246.34.74 <x...@xyz.tld> to: a...@abc.tld SPAM
> > > > > > > >>> FOUND bad attachment 'image001.emz' is a ' - the file extension:
> > > > > > > >>> '.emz' does not match the content based detected file type '''
> > > > > > > >>>
> > > > > > > >>> Mar-16-16 09:56:08 [Worker_5] Warning: possibly a virus infected
> > > > > > > >>> file (can't read) '/opt/assp/tmp/zip_5_1458118567/.10/.10' - Not
> > > > > > > >>> a directory
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> regards,
> > > > > > >>> aqx
> > > > > > >>>
> > > > > > >>> On Wed, Mar 16, 2016 at 8:13 AM, Thomas Eckardt
> > > > > > >>> <thomas.ecka...@thockar.com>
> > > > > > >>> wrote:
> > > > > > >>>
> > > > > > >>> > ASSP version 2.4.8(16074) + ASSP_AFC 3.26
> > > > > > >>> >
> > > > > > >>> > both available at SF-CVS
> > > > > > >>> >
> > > > > > >>> > will fix this.
> > > > > > >>> >
> > > > > > >>> > Thomas
> > > > > > > >>> > ps: please use the "ASSP List" assp-t...@lists.sourceforge.net
> > > > > > > >>> > if you use a dev version 2.4.8
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > > >>> > From: aquilinux <aquili...@gmail.com>
> > > > > > > >>> > To: For Users of ASSP <assp-user@lists.sourceforge.net>
> > > > > > > >>> > Date: 15.03.2016 15:00
> > > > > > > >>> > Subject: [Assp-user] bad attachment [...] possibly a virus
> > > > > > > >>> > infected file (can't extract archive)'
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > > >>> > Hi all,
> > > > > > > >>> > I recently enforced attachment blocking with zip inspection
> > > > > > > >>> > but legitimate attachments are blocked because of this:
> > > > > > > >>> >
> > > > > > > >>> > Mar-15-16 14:09:55 [Worker_5] Warning: possibly a virus
> > > > > > > >>> > infected file (can't extract archive)
> > > > > > > >>> > '/opt/assp/tmp/zip_5_1458047395/MSC_Implementation_Activities_15.03.2016.xlsx'
> > > > > > > >>> >
> > > > > > > >>> > Mar-15-16 14:39:15 [Worker_10] Warning: possibly a virus
> > > > > > > >>> > infected file (can't extract archive)
> > > > > > > >>> > '/opt/assp/tmp/zip_10_1458049154/20150922_GAA_Global_Corporate_Commercial_ok.docx'
> > > > > > > >>> > - - Could not chdir back to start dir '': '
> > > > > > > >>> >
> > > > > > > >>> > Mar-15-16 14:04:22 [Worker_1] Warning: possibly a virus
> > > > > > > >>> > infected file (can't extract archive)
> > > > > > > >>> > '/opt/assp/tmp/zip_1_1458047062/Figures_wo_VolvoTrucks.xlsm'
> > > > > > > >>> > - - Could not chdir back to start dir '': '
> > > > > > > >>> >
> > > > > > > >>> > Mar-15-16 14:08:09 [Worker_1] Warning: possibly a virus
> > > > > > > >>> > infected file (can't extract archive)
> > > > > > > >>> > '/opt/assp/tmp/zip_1_1458047289/errori.zip'
> > > > > > > >>> > - - Could not chdir back to start dir '': '
> > > > > > > >>> >
> > > > > > > >>> > what's happening?
> > > > > > > >>> > ASSP version 2.4.8(16060) + ASSP_AFC 3.19
> > > > > > > >>> >
> > > > > > > >>> > thanks!
> > > > > > >>> >
> > > > > > >>> > --
> > > > > > >>> > "Madness, like small fish, runs in hosts, in vast numbers
> of
> > > > > > >>> instances."
> > > > > > >>> >
> > > > > > >>> > Nessuno mi pettina bene come il vento.
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > > > >>> > Transform Data into Opportunity.
> > > > > > >>> > Accelerate data analysis in your applications with
> > > > > > >>> > Intel Data Analytics Acceleration Library.
> > > > > > >>> > Click to learn more.
> > > > > > >>> >
> > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > >>> > _______________________________________________
> > > > > > >>> > Assp-user mailing list
> > > > > > >>> > Assp-user@lists.sourceforge.net
> > > > > > >>> > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> > DISCLAIMER:
> > > > > > >>> > *******************************************************
> > > > > > >>> > This email and any files transmitted with it may be
> > > > confidential,
> > > > > > >>> legally
> > > > > > >>> > privileged and protected in law and are intended solely
> for
> > > the
> > > > > use
> > > > > > of
> > > > > > >>> the
> > > > > > >>> >
> > > > > > >>> > individual to whom it is addressed.
> > > > > > >>> > This email was multiple times scanned for viruses. There
> > > should
> > > > be
> > > > > > no
> > > > > > >>> > known virus in this email!
> > > > > > >>> > *******************************************************
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > > > >>> > Transform Data into Opportunity.
> > > > > > >>> > Accelerate data analysis in your applications with
> > > > > > >>> > Intel Data Analytics Acceleration Library.
> > > > > > >>> > Click to learn more.
> > > > > > >>> >
> > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > >>> > _______________________________________________
> > > > > > >>> > Assp-user mailing list
> > > > > > >>> > Assp-user@lists.sourceforge.net
> > > > > > >>> > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> --
> > > > > > >>> "Madness, like small fish, runs in hosts, in vast numbers of
> > > > > > instances."
> > > > > > >>>
> > > > > > >>> Nessuno mi pettina bene come il vento.
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > > > >>> Transform Data into Opportunity.
> > > > > > >>> Accelerate data analysis in your applications with
> > > > > > >>> Intel Data Analytics Acceleration Library.
> > > > > > >>> Click to learn more.
> > > > > > >>>
> > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > >>> _______________________________________________
> > > > > > >>> Assp-user mailing list
> > > > > > >>> Assp-user@lists.sourceforge.net
> > > > > > >>> https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> DISCLAIMER:
> > > > > > >>> *******************************************************
> > > > > > >>> This email and any files transmitted with it may be
> > > confidential,
> > > > > > legally
> > > > > > >>> privileged and protected in law and are intended solely for
> > the
> > > > use
> > > > > of
> > > > > > >>> the
> > > > > > >>>
> > > > > > >>> individual to whom it is addressed.
> > > > > > >>> This email was multiple times scanned for viruses. There
> > should
> > > be
> > > > > no
> > > > > > >>> known virus in this email!
> > > > > > >>> *******************************************************
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > > > >>> Transform Data into Opportunity.
> > > > > > >>> Accelerate data analysis in your applications with
> > > > > > >>> Intel Data Analytics Acceleration Library.
> > > > > > >>> Click to learn more.
> > > > > > >>>
> > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > >>> _______________________________________________
> > > > > > >>> Assp-user mailing list
> > > > > > >>> Assp-user@lists.sourceforge.net
> > > > > > >>> https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > >>>
> > > > > > >>>
> > > > > > >>
> > > > > > >>
> > > > > > >> --
> > > > > > >> "Madness, like small fish, runs in hosts, in vast numbers of
> > > > > > instances."
> > > > > > >>
> > > > > > >> Nessuno mi pettina bene come il vento.
> > > > > > >>
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > "Madness, like small fish, runs in hosts, in vast numbers of
> > > > > instances."
> > > > > > >
> > > > > > > Nessuno mi pettina bene come il vento.
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > "Madness, like small fish, runs in hosts, in vast numbers of
> > > > instances."
> > > > > >
> > > > > > Nessuno mi pettina bene come il vento.
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > > > Transform Data into Opportunity.
> > > > > > Accelerate data analysis in your applications with
> > > > > > Intel Data Analytics Acceleration Library.
> > > > > > Click to learn more.
> > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > _______________________________________________
> > > > > > Assp-user mailing list
> > > > > > Assp-user@lists.sourceforge.net
> > > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > DISCLAIMER:
> > > > > > *******************************************************
> > > > > > This email and any files transmitted with it may be
> confidential,
> > > > > legally
> > > > > > privileged and protected in law and are intended solely for the
> > use
> > > of
> > > > > the
> > > > > >
> > > > > > individual to whom it is addressed.
> > > > > > This email was multiple times scanned for viruses. There should
> be
> > > no
> > > > > > known virus in this email!
> > > > > > *******************************************************
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > > > Transform Data into Opportunity.
> > > > > > Accelerate data analysis in your applications with
> > > > > > Intel Data Analytics Acceleration Library.
> > > > > > Click to learn more.
> > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > _______________________________________________
> > > > > > Assp-user mailing list
> > > > > > Assp-user@lists.sourceforge.net
> > > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > "Madness, like small fish, runs in hosts, in vast numbers of
> > > instances."
> > > > >
> > > > > Nessuno mi pettina bene come il vento.
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > > Transform Data into Opportunity.
> > > > > Accelerate data analysis in your applications with
> > > > > Intel Data Analytics Acceleration Library.
> > > > > Click to learn more.
> > > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > _______________________________________________
> > > > > Assp-user mailing list
> > > > > Assp-user@lists.sourceforge.net
> > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > DISCLAIMER:
> > > > > *******************************************************
> > > > > This email and any files transmitted with it may be confidential,
> > > > legally
> > > > > privileged and protected in law and are intended solely for the
> use
> > of
> > > > the
> > > > >
> > > > > individual to whom it is addressed.
> > > > > This email was multiple times scanned for viruses. There should be
> > no
> > > > > known virus in this email!
> > > > > *******************************************************
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > > Transform Data into Opportunity.
> > > > > Accelerate data analysis in your applications with
> > > > > Intel Data Analytics Acceleration Library.
> > > > > Click to learn more.
> > > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > _______________________________________________
> > > > > Assp-user mailing list
> > > > > Assp-user@lists.sourceforge.net
> > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > "Madness, like small fish, runs in hosts, in vast numbers of
> > instances."
> > > >
> > > > Nessuno mi pettina bene come il vento.
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > Transform Data into Opportunity.
> > > > Accelerate data analysis in your applications with
> > > > Intel Data Analytics Acceleration Library.
> > > > Click to learn more.
> > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > Assp-user@lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER:
> > > > *******************************************************
> > > > This email and any files transmitted with it may be confidential,
> > > legally
> > > > privileged and protected in law and are intended solely for the use
> of
> > > the
> > > >
> > > > individual to whom it is addressed.
> > > > This email was multiple times scanned for viruses. There should be
> no
> > > > known virus in this email!
> > > > *******************************************************
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > > Transform Data into Opportunity.
> > > > Accelerate data analysis in your applications with
> > > > Intel Data Analytics Acceleration Library.
> > > > Click to learn more.
> > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > Assp-user@lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > >
> > >
> > > --
> > > "Madness, like small fish, runs in hosts, in vast numbers of
> instances."
> > >
> > > Nessuno mi pettina bene come il vento.
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > Transform Data into Opportunity.
> > > Accelerate data analysis in your applications with
> > > Intel Data Analytics Acceleration Library.
> > > Click to learn more.
> > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > _______________________________________________
> > > Assp-user mailing list
> > > Assp-user@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> > legally
> > > privileged and protected in law and are intended solely for the use of
> > the
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > Transform Data into Opportunity.
> > > Accelerate data analysis in your applications with
> > > Intel Data Analytics Acceleration Library.
> > > Click to learn more.
> > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > _______________________________________________
> > > Assp-user mailing list
> > > Assp-user@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> >
> >
> > --
> > "Madness, like small fish, runs in hosts, in vast numbers of instances."
> >
> > Nessuno mi pettina bene come il vento.
> >
> >
>
> ------------------------------------------------------------------------------
> > Transform Data into Opportunity.
> > Accelerate data analysis in your applications with
> > Intel Data Analytics Acceleration Library.
> > Click to learn more.
> > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > _______________________________________________
> > Assp-user mailing list
> > Assp-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
> >
> >
>
> ------------------------------------------------------------------------------
> > Transform Data into Opportunity.
> > Accelerate data analysis in your applications with
> > Intel Data Analytics Acceleration Library.
> > Click to learn more.
> > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > _______________________________________________
> > Assp-user mailing list
> > Assp-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
>
>
> --
> "Madness, like small fish, runs in hosts, in vast numbers of instances."
>
> Nessuno mi pettina bene come il vento.
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
--
"Madness, like small fish, runs in hosts, in vast numbers of instances."
No one combs my hair as well as the wind.
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user