Release 8.6.0_GA_1153.RHEL6_64_20141215151155 RHEL6_64 FOSS edition, Patch 8.6.0_P6.
Recently we have been receiving quite a lot of .js and .wsf files wrapped in zip archives. Amavisd has been doing a good job qyuarantining all of these.
This morning, however, I received a similar email but this time the wrapper is a .rar archive. Amavisd did not quarantine this one.
I am guessing that my server does not have a utility loaded that can open a .rar file but, it may also be that the default amavisd configuration does not look for these.
Can alyone tell me what I need to install/configure so that the server can scan inside .rar and .7z extensions in the same way it does with .zip files. I would prefer not to block the extensions entirely.
Thanks
[SOLVED] 8.6_P6 on CentOS 6. How to stop wsf/js files in rar archives
-
- Elite member
- Posts: 1096
- Joined: Sat Sep 13, 2014 12:47 am
[SOLVED] 8.6_P6 on CentOS 6. How to stop wsf/js files in rar archives
Last edited by liverpoolfcfan on Fri Sep 30, 2016 10:34 am, edited 1 time in total.
-
- Elite member
- Posts: 1096
- Joined: Sat Sep 13, 2014 12:47 am
Re: 8.6_P6 on CentOS 6. How to stop wsf/js files in rar archives
I will answer my own question.
unrar is available from the repoforge respoitory (pkgs.repoforge.org). The original repository is down at present but it in the process of being made available again - see this thread for the temporary location of the repository https://github.com/repoforge/rpms/issues/375
Note: Do NOT install unrar 5 with zimbra 8.6 - The output format of the archive listings is incompatible with the version of amavisd shipped in zimbra 8.6 so the files will come through marked as "** UNCHECKED **". I installed the latest release of unrar 4 from the list and it is working as expected. wsf and js files within the archive cause it to be quarantined.
In researching this issue I also found that amavisd looks for 7zip to open some archives. I took the opportunity to add that to the server also. In this case it was available from the CentOS epel repository using "yum install p7zip"
unrar is available from the repoforge respoitory (pkgs.repoforge.org). The original repository is down at present but it in the process of being made available again - see this thread for the temporary location of the repository https://github.com/repoforge/rpms/issues/375
Note: Do NOT install unrar 5 with zimbra 8.6 - The output format of the archive listings is incompatible with the version of amavisd shipped in zimbra 8.6 so the files will come through marked as "** UNCHECKED **". I installed the latest release of unrar 4 from the list and it is working as expected. wsf and js files within the archive cause it to be quarantined.
In researching this issue I also found that amavisd looks for 7zip to open some archives. I took the opportunity to add that to the server also. In this case it was available from the CentOS epel repository using "yum install p7zip"