[Bug 1029710] New: Amavisd fails to identify attached zipped files with .exe extensions

bugzilla at redhat.com bugzilla at redhat.com
Wed Nov 13 00:49:14 UTC 2013 

https://bugzilla.redhat.com/show_bug.cgi?id=1029710

            Bug ID: 1029710
           Summary: Amavisd fails to identify attached zipped files with
                    .exe extensions
           Product: Fedora EPEL
           Version: el6
         Component: amavisd-new
          Severity: medium
          Assignee: steve at silug.org
          Reporter: s10dal at elrepo.org
        QA Contact: extras-qa at fedoraproject.org
                CC: janfrode at tanso.net, kanarip at kanarip.com,
                    perl-devel at lists.fedoraproject.org, steve at silug.org



Description of problem:

Mail attachments containing zipped files with .exe extensions are not properly
identified due to a failure of 7za (p7zip) as called by amavisd to correctly
list the contents of the zipped file. Based on maillog errors, the failure
appears to be due to an improperly composed 7za option, specifically -w not
being separated from the target by a separator (e.g., space character).

Manually executing 7za using the options noted in the maillog error (see below)
demonstrates the need to insert a separator between the -w option and the
target.

  Fails: $ 7za l -slt -w./contains_exe.zip

  Works: $ 7za l -slt -w ./contains_exe.zip

Also, this issue may be specific to EL6. This issue came to my attention
because an EL6 mail server acting as a Backup MX for an EL5 mail server was
forwarding zipped exe attachments, which were correctly identified and
quarantined on the EL5 system.


Version-Release number of selected component (if applicable):

# uname -rpmi
2.6.32-358.23.2.el6.i686 i686 i686 i386

# rpm -q amavisd-new p7zip
amavisd-new-2.8.0-4.el6.noarch
p7zip-9.20.1-2.el6.i686


How reproducible:

Very. Observed on 3 EL6 mail servers.


Steps to Reproduce:

1. Install/configure postfix, amavisd-new, clam\*, etc.
2. Create a test attachment:
   $ touch test.exe
   $ 7za a -tzip test_exe.zip test.exe
3. Send a mail with test_exe.zip attached
4. Check /var/log/maillog for the specific error


Actual results:

 From /var/log/maillog:

Nov 12 17:17:46 Mail amavis[1568]: (28807-12) (!)run_command: child process
[1568]: run_command: failed to exec /usr/bin/7za l -slt
-w/var/spool/amavisd/tmp/amavis-20131112T051218-28807-HPbWePoN/parts --
/var/spool/amavisd/tmp/amavis-20131112T051218-28807-HPbWePoN/parts/p002: 13 at
/usr/sbin/amavisd line 4062.

Nov 12 17:17:46 Mail amavis[28807]: (28807-12) (!)Decoding of p002 (Zip archive
data, at least v1.0 to extract) failed, leaving it unpacked: do_7zip: can't get
a list of archive members: exit 6;  at (eval 117) line 781.


Expected results:

Identify zipped exe file as such.


Additional info:

It may not be relevant to the observed error, but 8 months ago, amavisd-new and
clam\* were converted from RepoForge/RPMforge versions to EPEL versions. Except
for a few initial hiccups, the mail servers have been running without apparent
issues until the current 7za issue was observed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=KMKdGzsZdn&a=cc_unsubscribe

More information about the perl-devel mailing list