#4 configure which archive formats are used

closed
nobody
None
1
2001-08-12
2001-08-10
Anonymous
No

Would it be possible to add configuration options that
say what file types are supported? This should be a
tristate option for each file type since for a file
type you can:
1) analyse the file
2) let the file through
3) always reject the file

Eg. I wish not to analyse arc files and would like to
quarantine all mails containing arc files.

I picked arc as an example since the code has several
buffer overruns. Also by embedding a newline in a
filename in the archive, an attacker can stop amavis
from analysing all of the archive.

Discussion

  • Lars Hecking
    Lars Hecking
    2001-08-12

    Logged In: YES
    user_id=28904

    You can disable archivers by setting the corresponding
    variable to "" (in amavisd, you can use the config file),
    but that only means that the full archive is passed on
    to the virus scanner. Which is not what you want ...

    If you submit a patch, or example code, we'll take a look
    at it, but other than that I'm not treating this as a
    priority issue.

     
  • Lars Hecking
    Lars Hecking
    2001-08-12

    • priority: 5 --> 1
    • status: open --> closed