[SOLVED] 8.6_P6 on CentOS 6. How to stop wsf/js files in rar archives

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
liverpoolfcfan
Outstanding Member
Outstanding Member
Posts: 926
Joined: Sat Sep 13, 2014 12:47 am

[SOLVED] 8.6_P6 on CentOS 6. How to stop wsf/js files in rar archives

Postby liverpoolfcfan » Thu Sep 29, 2016 9:48 am

Release 8.6.0_GA_1153.RHEL6_64_20141215151155 RHEL6_64 FOSS edition, Patch 8.6.0_P6.

Recently we have been receiving quite a lot of .js and .wsf files wrapped in zip archives. Amavisd has been doing a good job qyuarantining all of these.

This morning, however, I received a similar email but this time the wrapper is a .rar archive. Amavisd did not quarantine this one.

I am guessing that my server does not have a utility loaded that can open a .rar file but, it may also be that the default amavisd configuration does not look for these.

Can alyone tell me what I need to install/configure so that the server can scan inside .rar and .7z extensions in the same way it does with .zip files. I would prefer not to block the extensions entirely.

Thanks
Last edited by liverpoolfcfan on Fri Sep 30, 2016 10:34 am, edited 1 time in total.


liverpoolfcfan
Outstanding Member
Outstanding Member
Posts: 926
Joined: Sat Sep 13, 2014 12:47 am

Re: 8.6_P6 on CentOS 6. How to stop wsf/js files in rar archives

Postby liverpoolfcfan » Fri Sep 30, 2016 9:41 am

I will answer my own question.

unrar is available from the repoforge respoitory (pkgs.repoforge.org). The original repository is down at present but it in the process of being made available again - see this thread for the temporary location of the repository https://github.com/repoforge/rpms/issues/375

Note: Do NOT install unrar 5 with zimbra 8.6 - The output format of the archive listings is incompatible with the version of amavisd shipped in zimbra 8.6 so the files will come through marked as "** UNCHECKED **". I installed the latest release of unrar 4 from the list and it is working as expected. wsf and js files within the archive cause it to be quarantined.

In researching this issue I also found that amavisd looks for 7zip to open some archives. I took the opportunity to add that to the server also. In this case it was available from the CentOS epel repository using "yum install p7zip"

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 11 guests