[Mimedefang] exe in defective zip attachments getting through mimedefang
Dave O'Neill
dmo at roaringpenguin.com
Thu Jan 14 12:09:52 EST 2010
On Thu, Jan 14, 2010 at 10:54:14AM -0600, Cliff Hayes wrote:
> if Archive::Zip doesn't return an AZ_OK then mimedefang lets the attachment
> through. From what I could find out, if Archive::Zip doesn't return AZ_OK
> then there is a problem with the zip file. I'd rather block defective zip
> files then let them through. In the code below, I substituted "return 0;"
> with "else { return 1; }" and that solved my problem. Now good zips still
> go through, zips with exe's get replaced with warning, and defective (hacked
> I'm assuming) get replaced with warnings too. I'm surprised that standard
> procedure is to let defective zips through. Or am I understanding this
> wrong?
What value is ->read() returning? It might be nice to check the status
value and determine if it's failing due to a corrupt zip file, or simply
due to a zip format that Archive::Zip doesn't recognize.
If you can grab a sample of the zip in question and send it to me
offlist, I'll take a look.
Cheers,
Dave
--
Dave O'Neill <dmo at roaringpenguin.com> Roaring Penguin Software Inc.
+1 (613) 231-6599 http://www.roaringpenguin.com/
For CanIt technical support, please mail: support at roaringpenguin.com
More information about the MIMEDefang
mailing list