[Mimedefang] Block executables in 7Z archive - solution

Tomasz Ostrowski tometzky at batory.org.pl
Thu Oct 8 07:36:23 EDT 2015


We're getting a lot of trojan executables in 7Z archives lately. Like 
this one:
https://www.virustotal.com/pl/file/8f766ccb4821488c8b34abda0d472e627dba6f1d261073852e079c66313a9f11/analysis/

I've added code to my mimedefang-filter (in filter_bad_filename, based on 
suggested-minimum-filter-for-windows-clients) which tests for this. I'd 
like to share:

# Look inside 7Z files: list the archive and apply the same bad-filename
# regex ($re, defined earlier in filter_bad_filename) to the names inside it
if (re_match($entity, '\.7z$') ) {
    my $bh = $entity->bodyhandle();
    if (defined($bh)) {
        my $path = $bh->path();
        if (defined($path)) {
            # run_virus_scanner() runs the command and leaves its output in
            # $VirusScannerMessages; -bd disables the progress indicator,
            # -p (empty password) and -y keep 7za from prompting
            my($code, $category, $action) =
                run_virus_scanner( "7za l -slt -bd -p -y -- $path" );
            if ($action ne 'proceed') {
                return $code;
            }
            # Non-zero exit (e.g. encrypted file names) blocks the archive
            if ($code) {
                return $code;
            }
            # Any listed name matching the bad-filename regex blocks it too
            return 1 if $VirusScannerMessages =~ /$re/im;
        }
    }
}

This requires the 7za program (from the p7zip package) to be installed on 
the server. This will also block 7z archives with encrypted filenames.

Regards
Tometzky
-- 
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
                                                       Winnie the Pooh
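The same decision logic, reworked as an added Python example that is not part of the post above or of MIMEDefang: instead of matching the bad-filename regex against the whole 7za output, it parses the `-slt` listing into per-member records and tests each `Path`, and it treats a non-zero 7za exit (encrypted headers, corrupt archive) as a block, as the filter does. The sample listing, the extension list and all function names are constructed assumptions, not output captured from a real archive.

```python
import re

# Constructed sample of "7za l -slt" output (assumption, not captured from a
# real archive): a header, one archive-level record, then one record per
# member; records are separated by blank lines after the "----------" line.
SAMPLE_LISTING = """\
7-Zip 9.20  Copyright (c) 1999-2010 Igor Pavlov
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,2 CPUs)

Listing archive: invoice.7z

--
Path = invoice.7z
Type = 7z
Method = LZMA
Solid = -
Blocks = 1

----------
Path = docs/readme.txt
Size = 120
Packed Size = 98
Attributes = A
Encrypted = -
Method = LZMA:16
Block = 0

Path = docs/invoice.pdf.exe
Size = 43008
Packed Size = 20001
Attributes = A
Encrypted = -
Method = LZMA:16
Block = 0

"""

# Assumed bad-extension pattern, in the spirit of the $re used by
# suggested-minimum-filter-for-windows-clients (not copied from it).
BAD_EXT_RE = re.compile(
    r'\.(bat|cmd|com|cpl|exe|js|jse|pif|scr|vbs|vbe|wsf)$', re.IGNORECASE)


def parse_slt_listing(text):
    """Parse -slt output into a list of dicts, one per archive member.

    The archive-level record before the '----------' separator is skipped
    so the archive's own name is never tested against the pattern.
    """
    members = []
    if '----------' not in text:
        return members
    body = text.split('----------', 1)[1]
    for block in body.split('\n\n'):
        record = {}
        for line in block.splitlines():
            if ' = ' in line:
                key, value = line.split(' = ', 1)
                record[key.strip()] = value.strip()
        if 'Path' in record:
            members.append(record)
    return members


def find_bad_members(text, pattern=BAD_EXT_RE):
    """Return the member paths whose name matches the bad-extension pattern."""
    return [m['Path'] for m in parse_slt_listing(text)
            if pattern.search(m['Path'])]


def should_block(exit_code, text):
    """Mirror the filter's decision for one archive.

    A non-zero 7za exit (encrypted file names, corrupt archive) blocks the
    message outright; otherwise it is blocked only if a member name is bad.
    Returns (block?, reason).
    """
    if exit_code != 0:
        return True, 'listing failed (exit %d)' % exit_code
    bad = find_bad_members(text)
    if bad:
        return True, 'bad member name(s): ' + ', '.join(bad)
    return False, 'clean'


if __name__ == '__main__':
    print(should_block(0, SAMPLE_LISTING))
    print(should_block(2, ''))
```

Parsing the `Path` fields rather than grepping the whole output keeps the archive's own file name and the other `key = value` lines out of the match, and makes it easy to extend the per-member check (for instance to log `Size` or `Encrypted` alongside the offending name).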


