[Mimedefang] exe in defective zip attachments getting through mimedefang

Dave O'Neill dmo at roaringpenguin.com
Thu Jan 14 12:09:52 EST 2010


On Thu, Jan 14, 2010 at 10:54:14AM -0600, Cliff Hayes wrote:
> if Archive::Zip doesn't return an AZ_OK then mimedefang lets the attachment
> through.  From what I could find out, if Archive::Zip doesn't return AZ_OK
> then there is a problem with the zip file.  I'd rather block defective zip
> files then let them through.  In the code below, I substituted "return 0;"
> with "else { return 1; }" and that solved my problem.  Now good zips still
> go through, zips with exe's get replaced with warning, and defective (hacked
> I'm assuming) get replaced with warnings too.  I'm surprised that standard
> procedure is to let defective zips through.  Or am I understanding this
> wrong?

What value is ->read() returning?  It might be nice to check the status 
value and determine if it's failing due to a corrupt zip file, or simply 
due to a zip format that Archive::Zip doesn't recognize.

If you can grab a sample of the zip in question and send it to me 
offlist, I'll take a look.

Cheers,
Dave
-- 
Dave O'Neill <dmo at roaringpenguin.com>    Roaring Penguin Software Inc.
+1 (613) 231-6599                        http://www.roaringpenguin.com/
For CanIt technical support, please mail: support at roaringpenguin.com



More information about the MIMEDefang mailing list