[Bug 1029710] Amavisd fails to identify attached zipped files with .exe extensions

bugzilla at redhat.com bugzilla at redhat.com
Tue Jul 8 01:53:27 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1029710



--- Comment #9 from Steve Tindall <s10dal at elrepo.org> ---
Hum. This just gets stranger.

To summarize, my amavisd.conf used on your system correctly identifies and
blocks a zipped exe attachment, but fails to quarantine and send notification.
On my system, it fails to identify the zipped exe attachment unless I either
place the system in permissive mode or use SELinux local policy defined in
Comment 1 to correct the issues.


Your suggestions sounded interesting, but changing $QUARANTINEDIR as suggested
results in the same failure. Here are three definitions I tried (followed by
successful amavisd restarts):

1) $QUARANTINEDIR = "/var/virusmails";
2) $QUARANTINEDIR = undef;      # -Q
3) $QUARANTINEDIR = "/var/spool/amavisd/quarantine";

...where:

# ls -dZ /var/spool/amavisd/quarantine
drwx------. amavis amavis system_u:object_r:amavis_spool_t:s0 \
 /var/spool/amavisd/quarantine


Definitions: #1 is my original, #2 is the default definition and #3 is a
variation of your suggestion, if I understood it correctly.

The maillog error I see using option #3 is:

 amavis[11452]: (11452-02) (!)Decoding of p002 \
  (Zip archive data, at least v1.0 to extract) failed, \
  leaving it unpacked: do_7zip: can't get a list of \
  archive members: exit 6;  at (eval 117) line 781.

I also tried using the distribution default amavisd.conf with only $mydomain
and $myhostname defined/altered and it also failed to detect the zipped exe
attachment.


All four tests gave basically the same message (i.e., failed to extract).


This is really strange.


Try looking at your 7za contexts:

 # ls -dZ $(which 7za)
 -rwxr-xr-x. root root system_u:object_r:bin_t:s0 \
       /usr/bin/7za

Beyond that, I would need to think about this a while for new ideas.


In case it is relevant, the system I am using for these tests is a development
system configured with a mysql backend (PostfixAdmin) and mailman configured to
service two custom mail lists. It runs on 32-bit Scientific Linux 6 as a
virtual machine under KVM.

 # cat /etc/redhat-release
 Scientific Linux release 6.5 (Carbon)

 # uname -rpmi
 2.6.32-431.20.3.el6.i686 i686 i686 i386

 # rpm -q postfix dovecot amavisd-new clamav clamd p7zip mailman
 postfix-2.6.6-6.el6_5.i686
 dovecot-2.0.9-7.el6_5.1.i686
 amavisd-new-2.8.0-8.el6.noarch
 clamav-0.98.4-1.el6.i686
 clamd-0.98.4-1.el6.i686
 p7zip-9.20.1-2.el6.i686
 mailman-2.1.12-18.el6.i686

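An added example, not part of the original comment or of amavisd: a maillog check for the failure quoted above, where a part is "left unpacked" and its contents are therefore never matched against banned-file rules. The sample lines are constructed from the error in the comment (joined onto one line), the verdict lines are simplified, and the function names are assumptions of this example.

```python
import re

# Constructed sample maillog; only the decode-failure wording comes from the comment.
SAMPLE_MAILLOG = """\
Jul  7 21:40:01 mx1 amavis[11452]: (11452-01) Passed CLEAN, <a@example.org> -> <b@example.org>
Jul  7 21:41:13 mx1 amavis[11452]: (11452-02) (!)Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: do_7zip: can't get a list of archive members: exit 6;  at (eval 117) line 781.
Jul  7 21:41:14 mx1 amavis[11452]: (11452-02) Passed CLEAN, <c@example.org> -> <b@example.org>
Jul  7 21:45:30 mx1 postfix/smtpd[2201]: connect from unknown[192.0.2.10]
Jul  7 21:50:02 mx1 amavis[11460]: (11460-01) (!)Decoding of p003 (Zip archive data, at least v2.0 to extract) failed, leaving it unpacked: do_7zip: can't get a list of archive members: exit 6;  at (eval 117) line 781.
Jul  7 21:50:03 mx1 amavis[11460]: (11460-01) Blocked SPAM, <d@example.org> -> <b@example.org>
"""

# A part amavisd could not unpack: message id, part name, file(1) type, decoder, exit code.
DECODE_FAIL = re.compile(
    r"amavis\[(?P<pid>\d+)\]: \((?P<msg_id>[\d-]+)\) \(!\)Decoding of (?P<part>\S+) "
    r"\((?P<ftype>.*?)\) failed, leaving it unpacked: (?P<decoder>\w+): "
    r"(?P<reason>.*?)(?:: exit (?P<exit>\d+))?;"
)
# Final verdict line for a message (simplified form, assumed for this example).
VERDICT = re.compile(r"amavis\[\d+\]: \((?P<msg_id>[\d-]+)\) (?P<verdict>Passed|Blocked) ")


def undecoded_parts(log_text):
    """Return one dict per part left unpacked, annotated with the message verdict."""
    failures, verdicts = [], {}
    for line in log_text.splitlines():
        m = DECODE_FAIL.search(line)
        if m:
            failures.append(m.groupdict())
            continue
        v = VERDICT.search(line)
        if v:
            verdicts[v["msg_id"]] = v["verdict"]
    for f in failures:
        f["verdict"] = verdicts.get(f["msg_id"], "unknown")
    return failures


def delivered_uninspected(log_text):
    """Messages that were passed even though an archive part was never unpacked."""
    return [f for f in undecoded_parts(log_text) if f["verdict"] == "Passed"]


if __name__ == "__main__":
    for f in delivered_uninspected(SAMPLE_MAILLOG):
        print(f"{f['msg_id']}: {f['part']} ({f['ftype']}) not unpacked by "
              f"{f['decoder']} (exit {f['exit']}), message was {f['verdict']}")
```

Any hit from `delivered_uninspected` is a message whose archive contents reached the recipient without the banned-extension check being applied.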


