Hi list,
we recently started to use Avast as malware scanner in exim. I
discovered that (attached) password protected archives are handled
differently when using Avast in exim as av_scanner compared to clamav
and Kaspersky:
Avast reports error "Archive is password protected" about such a file,
which exim handles as a reported malware (in strict mode). This results
in a reject as malware by our exim setup. When using clamav or
Kaspersky, a mail with such an attachment is passed. This might be
intentional in general but in our setup, mails like this should be passed.
I developed and tested a small patch for exim that allows to configure
this behavior with a new av_scanner option "pass_pwarchives" similar to
"pass_unscanned". The patch was developed and tested for exim-4.92 but
it seems to (at least) apply for the current version too.
I would appreciate if you could integrate this patch (or it's idea) in
the next release. Feel free to adopt the code if it does not suite your
quality standards, coding style or anything else.
Best,
--
Patrick Cernko <pcernko@mpi-klsb.mpg.de>
Joint Administration: Information Services and Technology
Max-Planck-Institute für Informatik & Softwaresysteme
we recently started to use Avast as malware scanner in exim. I
discovered that (attached) password protected archives are handled
differently when using Avast in exim as av_scanner compared to clamav
and Kaspersky:
Avast reports error "Archive is password protected" about such a file,
which exim handles as a reported malware (in strict mode). This results
in a reject as malware by our exim setup. When using clamav or
Kaspersky, a mail with such an attachment is passed. This might be
intentional in general but in our setup, mails like this should be passed.
I developed and tested a small patch for exim that allows to configure
this behavior with a new av_scanner option "pass_pwarchives" similar to
"pass_unscanned". The patch was developed and tested for exim-4.92 but
it seems to (at least) apply for the current version too.
I would appreciate if you could integrate this patch (or it's idea) in
the next release. Feel free to adopt the code if it does not suite your
quality standards, coding style or anything else.
Best,
--
Patrick Cernko <pcernko@mpi-klsb.mpg.de>
Joint Administration: Information Services and Technology
Max-Planck-Institute für Informatik & Softwaresysteme
Attached Files:
-
exim-4.92_avast_pass_pwarchive.diff (2.04 KB)
-
smime.p7s (5.23 KB)