RE: [Qmail-scanner-general]unzipping and uvscan

[john crawford]

At 10:01 AM 6/26/2003, Dallas L. Engelken wrote:
> -----Original Message-----
> From: John Crawford [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 25, 2003 9:27 PM
> To: [EMAIL PROTECTED]
> Subject: [Qmail-scanner-general]unzipping and uvscan
>
>
> Hi.
>
> qmail-scanner 1.16 source comments seem to think mcafee's
> uvscan does not unzip. I think recent versions I've
> encountered do unzip. Does anyone have recent experience to
> the contrary? Perhaps the source should be modified in this regard.
>
> Also, I've discovered that with $force_unzip of true (or 1),
> the rejected suffix / db search for rejected filenames has
> effect within the zip files. (Otherwise not).
>
engine 4240.  q-s runs uvscan with --secure, which automatically calls
--unzip and --analyze on uvscan.  therefore, you can turn off "unzip" in
q-s and save those resources.
--secure
              Examine all files, unzip archive files and use heuristic
analysis.  This option activates the --unzip and --ana-
              lyze options. If the --selected or --extensions options
are in the command line, they are ignored.
the 4240 added two nice features that will allow you to turn off
"redunant scanning" in q-s and save more resources.
       --mime
              Scan MIME-encoded files.  This type of file is not scanned
by default.
       --mailbox
              Turn  on  scanning  of  plain-text mailboxes such as
Eudora, PINE, and Netscape.  Most mailboxes will be in MIME
              format, and therefore the --mime option is also required.
Thank you for pointing this out.


note: when you turn off unzip and redundant_scanning in q-s, you will
not be able to use the perlscan features, but if you are just going for
anti-virus and/or spam, you dont need it.
Well, I think the perlscan features work at the outer level (if my
test was correct). If a file is encoded but not internal
to a zip file, the Disallowed attachment types
are caught when $redundant_scanning and $force_unzip are false.
This is, in fact, the behavior one could desire. If you want to permit
disallowed types only in archive/zip files, this is the way to go.
John


dallas


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general