[AMaViS-user] BANNED CONTENTS from WinZip nested folders?

02-14-2006
Darryl Harvey
 

I have zip files banned from going through my server, unless they are
encrypted.

Everything was working fine until recently. It appears that archives
created with WinZip V10 (and maybe WinZip V9) fail the checks if the
archive contains any files that reside within nested folders.

If I send a normal file, encrypted, it gets through; if I add a file
that is within a folder (encrypted), the content checker stops it with a
message like the one below:


Our content checker found
banned name: multipart/mixed |
application/x-zip-compressed,.zip,winziptest3.zip | ISPOne XML/
in email presumably from you (<User@domain.test>),


Note: the "ISPOne XML/" is a folder that contains other files (Encrypted).



Why is this so, anyone have a fix? Is this Amavis's fault, or WinZip's?
I cannot see any reference to this in later amavisd-new releases 2.3.1
or later.

It is causing grief.



using: amavisd-new-2.3.0 (20050424)

Relevant part of amavisd.conf attached below for reference:


$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
# Allow if it is or contains any undecipherable components:
[ qr'^UNDECIPHERABLE$'=> 0 ],

# block certain double extensions anywhere in the base name
qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID

qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,

# qr'^message/partial$'i, # rfc2046 MIME type
# qr'^message/external-body$'i, # rfc2046 MIME type

[ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed
[ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives

# qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
wmf|wsc|wsf|wsh)$'ix, # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.

qr'^\.(exe-ms)$', # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
qr'^\.(exe|lha|cab|dll)$', # banned file(1) types

qr'^\.(zip|rar)$', # Block zip and rar (unless password protected - See UNDECIPHERABLE)

);

Thanks
Darryl







