[Mimedefang] fpscan temp reject on encrypted attachment
Gary Forrest
garyf at netnorth.co.uk
Fri Oct 14 11:32:39 EDT 2011
Hello all
We use a number of FreeBSD 8 servers to scan inbound email,
Sendmail v8.14.5, mimedefang milter, mimedefang 2.72
f-prot 6.2.1 (engine version 4.4.2.54)
Today we have received a 136Mb email containing a encrypted attachment.
This is being temp-failed, with a return code of 64 from FPScan, causing
the sending system to re-send the email etc.
Looking into the code within mimedefang.pl
Using Virus:FPSCAN to check mails in mimedefang.pl, the handler code in
the function 'interpret_fpscan_code()' returns 'swerr','tempfail' for
return code 64 within the following code snippet from mimedefang.pl:
# bit 7 (64) ==> At least one object was not scanned (encrypted
# file, unsupported/unknown compression method,
# corrupted or invalid file).
if ($code & 0b1000000) {
return ($code, 'swerr', 'tempfail');
}
Comparing the above to FPROTD6 (similar scanner, different invocation
method, same return codes), the fprotd6 code allows code 64 through
unlike the above. This is what I would expect the fpscan results to match.
Surely ( ? ) the default should be to allow an encrypted file through -
and if not it should permfail it rather than tempfail as the outcome of
the scanner should be identical with each run (the attachment will
always be encrypted)
Is there a specific reason why it tempfails?
Thanks in advance
Gary
--
|Gary Forrest
|(Director)
|Email: garyf at netnorth.co.uk
|Tel: 0845 058 2001
|Fax: 01204 900719
|
|Netnorth Limited
|Units 7 and 8 Queensbrook
|Bolton Technology Exchange
|Spa Road
|Bolton
|BL1 4AY
|
|Sales queries: sales at netnorth.co.uk
|Domain name queries: domains at netnorth.co.uk
|Support queries: support at netnorth.co.uk
|Accounts queries: accounts at netnorth.co.uk
More information about the MIMEDefang
mailing list