Dave, Tried to send you 2 samples; got this error "550 5.1.1 <[email protected]>... User unknown"
I checked the valuse of ->read() per your request. It is "3" which is "format error in the zip file" which is what I expected. Did some further checking and here are the possible values: AZ_OK (0) Everything is fine. AZ_STREAM_END (1) The read stream (or central directory) ended normally. AZ_ERROR (2) There was some generic kind of error. AZ_FORMAT_ERROR (3) There is a format error in a ZIP file being read. AZ_IO_ERROR (4) There was an IO error. Based on the above, shouldn't you be allowing AZ_OK and AZ_STREAM_END? Both seem to be equivalent to OK. I think I'll block 2, 3, and 4 Thanks, Cliff -----Original Message----- From: [email protected] [mailto:[email protected]]on Behalf Of Dave O'Neill Sent: Thursday, January 14, 2010 11:10 AM To: [email protected] Subject: Re: [Mimedefang] exe in defective zip attachments gettingthrough mimedefang On Thu, Jan 14, 2010 at 10:54:14AM -0600, Cliff Hayes wrote: > if Archive::Zip doesn't return an AZ_OK then mimedefang lets the attachment > through. From what I could find out, if Archive::Zip doesn't return AZ_OK > then there is a problem with the zip file. I'd rather block defective zip > files then let them through. In the code below, I substituted "return 0;" > with "else { return 1; }" and that solved my problem. Now good zips still > go through, zips with exe's get replaced with warning, and defective (hacked > I'm assuming) get replaced with warnings too. I'm surprised that standard > procedure is to let defective zips through. Or am I understanding this > wrong? What value is ->read() returning? It might be nice to check the status value and determine if it's failing due to a corrupt zip file, or simply due to a zip format that Archive::Zip doesn't recognize. If you can grab a sample of the zip in question and send it to me offlist, I'll take a look. Cheers, Dave -- Dave O'Neill <[email protected]> Roaring Penguin Software Inc. +1 (613) 231-6599 http://www.roaringpenguin.com/ For CanIt technical support, please mail: [email protected] _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.725 / Virus Database: 270.14.139/2619 - Release Date: 01/14/10 01:35:00 _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
