[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qmail-scanner-general
Subject:    RE: [Qmail-scanner-general]unzipping and uvscan
From:       john crawford <jmc-qscanner () sociology ! osu ! edu>
Date:       2003-06-26 15:22:38
[Download RAW message or body]

At 10:01 AM 6/26/2003, Dallas L. Engelken wrote:
> > -----Original Message-----
> > From: John Crawford [mailto:jmc-qscanner@sociology.osu.edu]
> > Sent: Wednesday, June 25, 2003 9:27 PM
> > To: qmail-scanner-general@lists.sourceforge.net
> > Subject: [Qmail-scanner-general]unzipping and uvscan
> >
> >
> > Hi.
> >
> > qmail-scanner 1.16 source comments seem to think mcafee's
> > uvscan does not unzip. I think recent versions I've
> > encountered do unzip. Does anyone have recent experience to
> > the contrary? Perhaps the source should be modified in this regard.
> >
> > Also, I've discovered that with $force_unzip of true (or 1),
> > the rejected suffix / db search for rejected filenames has
> > effect within the zip files. (Otherwise not).
> >
>
>engine 4240.  q-s runs uvscan with --secure, which automatically calls
>--unzip and --analyze on uvscan.  therefore, you can turn off "unzip" in
>q-s and save those resources.
>
>--secure
>               Examine all files, unzip archive files and use heuristic
>analysis.  This option activates the --unzip and --ana-
>               lyze options. If the --selected or --extensions options
>are in the command line, they are ignored.
>
>the 4240 added two nice features that will allow you to turn off
>"redunant scanning" in q-s and save more resources.
>
>        --mime
>               Scan MIME-encoded files.  This type of file is not scanned
>by default.
>
>        --mailbox
>               Turn  on  scanning  of  plain-text mailboxes such as
>Eudora, PINE, and Netscape.  Most mailboxes will be in MIME
>               format, and therefore the --mime option is also required.

Thank you for pointing this out.


>note: when you turn off unzip and redundant_scanning in q-s, you will
>not be able to use the perlscan features, but if you are just going for
>anti-virus and/or spam, you dont need it.

Well, I think the perlscan features work at the outer level (if my
test was correct). If a file is encoded but not internal
to a zip file, the Disallowed attachment types
are caught when $redundant_scanning and $force_unzip are false.
This is, in fact, the behavior one could desire. If you want to permit
disallowed types only in archive/zip files, this is the way to go.

John


>dallas



-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
[prev in list] [next in list] [prev in thread] [next in thread]