[Mimedefang] exe in defective zip attachments gettingthrough mimedefang
Cliff Hayes
chayes at afo.net
Thu Jan 14 13:40:39 EST 2010
Reference my last email ... I wasn't very clear.
Here is the original code:
sub re_match_in_zip_directory ($$) {
my($zipname, $regexp) = @_;
unless ($Features{"Archive::Zip"}) {
md_syslog('err', "$MsgID: Attempted to use
re_match_in_zip_directory, but Perl module Archive::Zip is not installed.");
return 0;
}
my $zip = Archive::Zip->new();
# Prevent carping about errors
Archive::Zip::setErrorHandler(\&dummy_zip_error_handler);
if ($zip->read($zipname) == AZ_OK()) {
foreach my $member ($zip->members()) {
my $file = $member->fileName();
return 1 if ($file =~ /$regexp/i);
}
}
return 0;
}
=== HERE IS MY SUGGESTION: === (added test for AZ_STREAM_END and FAIL all
other codes)
sub re_match_in_zip_directory ($$) {
my($zipname, $regexp) = @_;
unless ($Features{"Archive::Zip"}) {
md_syslog('err', "$MsgID: Attempted to use
re_match_in_zip_directory, but Perl module Archive::Zip is not installed.");
return 0;
}
my $zip = Archive::Zip->new();
# Prevent carping about errors
Archive::Zip::setErrorHandler(\&dummy_zip_error_handler);
my($archiveZipResults) = $zip->read($zipname);
if (($archiveZipResults == AZ_OK())||($archiveZipResults ==
AZ_STREAM_END())) {
foreach my $member ($zip->members()) {
my $file = $member->fileName();
return 1 if ($file =~ /$regexp/i);
}
} else { return 1; }
}
-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com]On Behalf Of Dave
O'Neill
Sent: Thursday, January 14, 2010 11:10 AM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] exe in defective zip attachments
gettingthrough mimedefang
On Thu, Jan 14, 2010 at 10:54:14AM -0600, Cliff Hayes wrote:
> if Archive::Zip doesn't return an AZ_OK then mimedefang lets the
attachment
> through. From what I could find out, if Archive::Zip doesn't return AZ_OK
> then there is a problem with the zip file. I'd rather block defective zip
> files then let them through. In the code below, I substituted "return 0;"
> with "else { return 1; }" and that solved my problem. Now good zips still
> go through, zips with exe's get replaced with warning, and defective
(hacked
> I'm assuming) get replaced with warnings too. I'm surprised that standard
> procedure is to let defective zips through. Or am I understanding this
> wrong?
What value is ->read() returning? It might be nice to check the status
value and determine if it's failing due to a corrupt zip file, or simply
due to a zip format that Archive::Zip doesn't recognize.
If you can grab a sample of the zip in question and send it to me
offlist, I'll take a look.
Cheers,
Dave
--
Dave O'Neill <dmo at roaringpenguin.com> Roaring Penguin Software Inc.
+1 (613) 231-6599 http://www.roaringpenguin.com/
For CanIt technical support, please mail: support at roaringpenguin.com
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.725 / Virus Database: 270.14.139/2619 - Release Date: 01/14/10
01:35:00
More information about the MIMEDefang
mailing list