[Mimedefang] Zip --> Zip --> PIF

David F. Skoll dfs at roaringpenguin.com
Fri Feb 18 21:38:06 EST 2005

On Fri, 18 Feb 2005, David Eisner wrote:

> The problem is that in general there is a delay between the time a virus
> outbreak occurs, and the time that virus scanners have updated DATs that
> detect it.  That's one of the great things about Mimedefang -- it
> removes the potentially harmful attachment during this window.

MIMEDefang won't recursively scan a zip file.

To scan the "table of contents" of a zip file is relatively safe, and
if you have Archive::Zip, you can use re_match_in_zip_directory to detect
"dangerous" files in a zip.

However, to actually decompress a zip file is not safe (decompression
bombs can hurt), so we don't do that.



More information about the MIMEDefang mailing list