This is a discussion on [AMaViS-user] amavisd-new 2.2 virus not found (unzip error) within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category.
hi!

i have two different amavis setups

1. postfix amavisd-new 2.2.0 (double extensions banned)

do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 ...
do_executable/do_unrar failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 ...
p.path BANNED:1: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/octet-stream,T=zip,N=patch_help-text..zipp | =p004,L=1/2/1,T=exe,T=exe-ms,N=doc_data-text.txt. pif

banned because of double extension

2. dual sendmail setup amavisd-new 2.2.1 (double extensions allowed)

this one does not catch the same virus. here is the log report:

do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 ...
do_executable/do_unrar failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 ...
....
FWD via SMTP: [127.0.0.1]:10025...

the attachment looks like it is not compressed at all; i see it's starting with the exe header "MZ....This program cannot be run in DOS mode..."

if i run unzip on the file it uncompresses without any error

clamav itself can find the virus in the zip and in the uncompressed txt.pif: Worm.Sober.K

thanks
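
The value 0x00905a4d in the log lines above is the byte sequence 4D 5A 90 00 ("MZ", the DOS/PE executable header) read as a little-endian 32-bit integer, whereas a ZIP local file header starts with 50 4B 03 04 (0x04034b50). The following Python triage helper is an added example, not part of the original post and not amavisd-new code; the function names and the sample bytes are constructed for illustration. It reports the leading signature in the same form as the log and checks independently whether the data contains a ZIP archive.

```python
import io
import struct
import zipfile

ZIP_LOCAL_SIG = 0x04034B50  # bytes 50 4B 03 04, "PK\x03\x04"
MZ_AS_LE32 = 0x00905A4D     # bytes 4D 5A 90 00, the value printed in the log

def leading_signature(data: bytes) -> int:
    """Return the first four bytes as a little-endian uint32."""
    if len(data) < 4:
        raise ValueError("need at least 4 bytes")
    return struct.unpack_from("<I", data, 0)[0]

def triage(data: bytes) -> dict:
    """Report how a blob starts and, separately, whether it holds a ZIP archive."""
    sig = leading_signature(data)
    if sig == ZIP_LOCAL_SIG:
        starts_as = "zip"
    elif data[:2] == b"MZ":
        starts_as = "executable"
    else:
        starts_as = "unknown"
    members = None
    try:
        # zipfile finds the end-of-central-directory record by searching back
        # from the end of the data, so an archive placed after an executable
        # stub is still listed even though offset 0 is not "PK".
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    except zipfile.BadZipFile:
        pass
    return {"signature": f"0x{sig:08x}", "starts_as": starts_as, "zip_members": members}

def make_zip(name: str, payload: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: a 4-byte MZ prefix plus padding (not a real program),
# a small archive, and the two concatenated.
FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60
PLAIN_ZIP = make_zip("readme.txt", b"hello")
STUB_PLUS_ZIP = FAKE_EXE + PLAIN_ZIP

if __name__ == "__main__":
    for label, blob in [("exe", FAKE_EXE), ("zip", PLAIN_ZIP), ("exe+zip", STUB_PLUS_ZIP)]:
        print(label, triage(blob))
```

A result of "executable" with no ZIP members means the data is a plain program rather than an archive, while "executable" with members listed means an archive sits behind an executable stub.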