Enable ClamAv Scanning of Compressed Attachments

This forum contains features that has been archived. This section contains implemented features, duplicate requests, and requests which we have decided not to implement.
Post Reply

Do you need this feature?

Yes
46
90%
No
5
10%
 
Total votes: 51
User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:
Contact martin

Enable ClamAv Scanning of Compressed Attachments

Post by martin » 2005-03-04 23:44

Viruses are cabable of being delivered to their recipients. Instead of telling the end user that all emails are scanned for viruses except those with compressed .zip. .tar etc. etc. - enable ClamAv scanning of compressed attachments.

Original location:
http://www.hmailserver.com/tracker/?do=details&id=154
Top
User avatar
olger901
Normal user
Normal user
Posts: 186
Joined: 2004-02-07 20:44

Post by olger901 » 2005-03-05 00:15

Would be good if ClamAV could scan compressed attachments, but I am not sure if ClamAV supports it, if it does it's up to hMailServer to implent it but if it doesn't, it will need to be implented in ClamAV first before it can be implented in hMailServer.
Top
User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:
Contact martin

Post by martin » 2005-03-05 00:17

Yup it supports it. If I'm not wrong, it's just a flag that should be sent to the executable. Like /scancompressedfiles or something like that. So it should be rather easy to implement.
Top
GlenC
Senior user
Senior user
Posts: 680
Joined: 2004-08-17 23:31
Location: Santiago, Chile

Post by GlenC » 2005-03-05 16:16

When I was using ClamWin it scanned .zip files by default (IIRC).
Top
User avatar
TheAngryPenguin
Senior user
Senior user
Posts: 341
Joined: 2004-10-11 20:51

Post by TheAngryPenguin » 2005-03-07 06:52

IMO, this is a given.
Top
tweakerbee
New user
New user
Posts: 11
Joined: 2005-02-28 19:05

Post by tweakerbee » 2005-03-07 18:24

Make it optional. That way the user can decide for himself if he wants to 'waste' CPU cycles on it.
Top
User avatar
carlinhos
New user
New user
Posts: 28
Joined: 2004-09-13 13:07
Location: Valencia, Spain
Contact:
Contact carlinhos

Post by carlinhos » 2005-03-23 16:57

I don´t know if I did something special configuring ClamAV but allways scanned compressed files (at least ZIP and RAR, other formats don´t know)

Greetings.
Top
User avatar
Bram
Senior user
Senior user
Posts: 417
Joined: 2004-05-24 22:57
Location: The Netherlands
Contact:
Contact Bram

Post by Bram » 2005-03-23 17:06

That is true, but the standard installation of clamwin (not SOSDG) does not scan compressed files.
hmailserver 4.3 (242 Live)
hmailserver 5.0 (605 Test)
Windows 2003
MSSQL
ASSP 1.3.2
ClamAV (SOSDG)
http://www.realdesign.nl
Top
User avatar
Bingo
Normal user
Normal user
Posts: 92
Joined: 2005-01-27 11:43

Post by Bingo » 2005-03-29 10:26

I think that I had an installation of ClamAV (SOSDG) that did successfully scan emails with compressed attachments, but I can't get it to work anymore !!!
I changed my configuration to use the daemon instead of the command line tool (because the latest uses a lot of CPU, something like 1.5 second per email, when the daemon only uses 0.03 seconds). Now I can't find viruses in compressed attachments anymore.
BUT I can successfully find viruses in compressed files !!!

Example :

Email file containing the uncompressed eicar.com file :

Code: Select all

C:\clamav-devel\bin>clamdscan "D:\hMailServer\Data\eicar.eml"
D:\hMailServer\Data\eicar.eml: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.038 sec (0 m 0 s)

Email file containing the uncompressed eicar_com.zip file :

Code: Select all

C:\clamav-devel\bin>clamdscan "D:\hMailServer\Data\eicar_com.eml"
D:\hMailServer\Data\eicar_com.eml: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.032 sec (0 m 0 s)
Normal archive scan :

Code: Select all

C:\clamav-devel\bin>clamdscan "D:\hMailServer\Data\eicar_com.zip"
D:\hMailServer\Data\eicar_com.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.025 sec (0 m 0 s)
And even with recursive archives :

Code: Select all

C:\clamav-devel\bin>clamdscan "D:\hMailServer\Data\eicarcom2.zip"
D:\hMailServer\Data\eicarcom2.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.027 sec (0 m 0 s)
Top
maverick
New user
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-19 23:16

So did anyone get a consistant configuration to scan zip attachments??? I am searching all the forums and comming up with no solutions.

HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Top
User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:
Contact martin

Post by martin » 2005-12-19 23:22

I think the ! on your keyboard has locked itself. "Official" support for compressed attachments will be enabled in the next hMailServer version. I'm sure you can achive it in earlier versions as well, but it probably requires you to create an own bat script and use that as an external virus scanner.
Top
maverick
New user
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-20 00:18

If I can not scan zips, how can I block them all together
Top
User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:
Contact martin

Post by martin » 2005-12-20 00:20

You would have to write a VBA script for that. So it's probably easier to create a bat-script that actually scans them instead.

Have you confirmed that your ClamWin-hMailServer-integration works for normal uncompressed viruses?
Top
maverick
New user
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-20 00:43

Out of the 25 webmail.us test with eicar, 11 of them came through undetected. They were all of the zip attachments.
Top
User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:
Contact martin

Post by martin » 2005-12-20 00:46

Have you tried creating the C:\cygwin\tmp directory?
What is the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/tmp set to?
Top
maverick
New user
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-20 01:25

Sorry, but I am a beginner on this hmail. If I create a bat file that hmail calls for the external scanner, how will hmail get the return value.
Top
maverick
New user
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-20 01:28

I already have a c:\cygwin\tmp dir.
I do not have a /tmp key under mounts v2 ?
Top
User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:
Contact martin

Post by martin » 2005-12-20 21:39

I was able to get scanning of zip to work by adding the following to a file called clamwin.reg, then doubleclicking on that file to import it into the registry

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"TMPDIR"="/cygdrive/c/clamav-devel/tmp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2]
"cygdrive prefix"="/cygdrive"
"cygdrive flags"=dword:00000022 (hex 22, dec 34)

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/tmp]
"native"="C:\\temp"
"flags"=dword:0000000a
Top
maverick
New user
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-21 01:40

So, I am a little confused. Are you using ClamAV for windows, or ClamWin or are they the same?
Top
GotNet
Normal user
Normal user
Posts: 207
Joined: 2005-04-16 20:52
Contact:
Contact GotNet

Post by GotNet » 2005-12-21 20:06

martin wrote:I was able to get scanning of zip to work by adding the following to a file called clamwin.reg, then doubleclicking on that file to import it into the registry

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"TMPDIR"="/cygdrive/c/clamav-devel/tmp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2]
"cygdrive prefix"="/cygdrive"
"cygdrive flags"=dword:00000022 (hex 22, dec 34)

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/tmp]
"native"="C:\\temp"
"flags"=dword:0000000a
Confirmed this works: 4.2 B181 / clamwin 0.87.1. win2kpro
-------------------------------------------------------------------------------------------------
VIRUS DETECTED:
The attachment(s) of this message was removed since a virus
was detected in at least one of them.
-------------------------------------------------------------------------------------------------

:)

Mike
Top
User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:
Contact Slug

Post by Slug » 2006-04-19 18:32

Hi all
With the latest clamwin update (0.88.1) and hMailServer 4.2.2 B199 or later, Hmailserver is scanning zip files with no other tweeks or scripts for me. So can any one else confirm or deny that this is the case ? Because if this is the case then this can be move to "implemented even though its not" (as Martin says).

Michael
Missing Hmailserver ... Now running Debian servers
Top
Post Reply

Return to “Archived feature requests”