Enable ClamAV Scanning of Compressed Attachments

This forum contains features that have been archived. This section contains implemented features, duplicate requests, and requests which we have decided not to implement.

Do you need this feature?

Yes: 46 (90%)
No: 5 (10%)
Total votes: 51

martin
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden

Enable ClamAV Scanning of Compressed Attachments

Post by martin » 2005-03-04 23:44

Viruses are capable of being delivered to their recipients. Instead of telling the end user that all emails are scanned for viruses except those with compressed .zip, .tar etc. - enable ClamAV scanning of compressed attachments.

Original location:
http://www.hmailserver.com/tracker/?do=details&id=154

olger901
Normal user
Posts: 186
Joined: 2004-02-07 20:44

Post by olger901 » 2005-03-05 00:15

Would be good if ClamAV could scan compressed attachments, but I am not sure if ClamAV supports it. If it does, it's up to hMailServer to implement it, but if it doesn't, it will need to be implemented in ClamAV first before it can be implemented in hMailServer.

martin
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden

Post by martin » 2005-03-05 00:17

Yup it supports it. If I'm not wrong, it's just a flag that should be sent to the executable. Like /scancompressedfiles or something like that. So it should be rather easy to implement.

GlenC
Senior user
Posts: 680
Joined: 2004-08-17 23:31
Location: Santiago, Chile

Post by GlenC » 2005-03-05 16:16

When I was using ClamWin it scanned .zip files by default (IIRC).

TheAngryPenguin
Senior user
Posts: 341
Joined: 2004-10-11 20:51

Post by TheAngryPenguin » 2005-03-07 06:52

IMO, this is a given.

tweakerbee
New user
Posts: 11
Joined: 2005-02-28 19:05

Post by tweakerbee » 2005-03-07 18:24

Make it optional. That way the user can decide for himself if he wants to 'waste' CPU cycles on it.

carlinhos
New user
Posts: 28
Joined: 2004-09-13 13:07
Location: Valencia, Spain

Post by carlinhos » 2005-03-23 16:57

I don't know if I did something special configuring ClamAV, but it always scanned compressed files (at least ZIP and RAR; other formats I don't know).

Greetings.

Bram
Senior user
Posts: 417
Joined: 2004-05-24 22:57
Location: The Netherlands

Post by Bram » 2005-03-23 17:06

That is true, but the standard installation of clamwin (not SOSDG) does not scan compressed files.
hmailserver 4.3 (242 Live)
hmailserver 5.0 (605 Test)
Windows 2003
MSSQL
ASSP 1.3.2
ClamAV (SOSDG)
http://www.realdesign.nl

Bingo
Normal user
Posts: 92
Joined: 2005-01-27 11:43

Post by Bingo » 2005-03-29 10:26

I think that I had an installation of ClamAV (SOSDG) that did successfully scan emails with compressed attachments, but I can't get it to work anymore!!!
I changed my configuration to use the daemon instead of the command line tool (because the latter uses a lot of CPU, something like 1.5 seconds per email, when the daemon only uses 0.03 seconds). Now I can't find viruses in compressed attachments anymore.
BUT I can successfully find viruses in compressed files!!!

Example :

Email file containing the uncompressed eicar.com file :

C:\clamav-devel\bin>clamdscan "D:\hMailServer\Data\eicar.eml"
D:\hMailServer\Data\eicar.eml: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.038 sec (0 m 0 s)

Email file containing the uncompressed eicar_com.zip file :

C:\clamav-devel\bin>clamdscan "D:\hMailServer\Data\eicar_com.eml"
D:\hMailServer\Data\eicar_com.eml: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.032 sec (0 m 0 s)

Normal archive scan :

C:\clamav-devel\bin>clamdscan "D:\hMailServer\Data\eicar_com.zip"
D:\hMailServer\Data\eicar_com.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.025 sec (0 m 0 s)

And even with recursive archives :

C:\clamav-devel\bin>clamdscan "D:\hMailServer\Data\eicarcom2.zip"
D:\hMailServer\Data\eicarcom2.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.027 sec (0 m 0 s)
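
Added example, not part of the original thread or any poster's code: a Python sketch that rebuilds the four test files from the post above (EICAR as a plain attachment, as a zipped attachment, as a bare zip and as a nested zip) and reports which of them a scanner's output did not flag. The file names mirror the post; the mail addresses and the helper names are assumptions made for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Standard 68-byte EICAR test string, split in two so that this source
# file is not itself flagged by an on-access scanner.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         + "STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def zip_bytes(name, data):
    """Return a zip archive (as bytes) holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def eml_with(name, data):
    """Return a raw RFC 5322 message carrying `data` as an attachment."""
    msg = EmailMessage()
    msg["From"] = "scanner-test@example.invalid"   # constructed address
    msg["To"] = "postmaster@example.invalid"       # constructed address
    msg["Subject"] = "AV pipeline test: " + name
    msg.set_content("Scanner regression fixture.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=name)
    return msg.as_bytes()

def build_fixtures():
    """The four cases from the post: two mails, a zip and a nested zip."""
    inner = zip_bytes("eicar.com", EICAR)
    return {
        "eicar.eml": eml_with("eicar.com", EICAR),
        "eicar_com.eml": eml_with("eicar_com.zip", inner),
        "eicar_com.zip": inner,
        "eicarcom2.zip": zip_bytes("eicar_com.zip", inner),
    }

def missed(scan_output, fixtures):
    """Names of fixtures that no '<path>: <signature> FOUND' line covers."""
    found = set()
    for line in scan_output.splitlines():
        path, sep, verdict = line.rpartition(": ")
        if sep and verdict.strip().endswith("FOUND"):
            found.add(path.replace("\\", "/").rsplit("/", 1)[-1])
    return sorted(set(fixtures) - found)

if __name__ == "__main__":
    import pathlib
    out = pathlib.Path("av-fixtures")
    out.mkdir(exist_ok=True)
    for fname, blob in build_fixtures().items():
        (out / fname).write_bytes(blob)
```

Scan the written files with the same scanner and settings the mail server uses, then pass the captured output to `missed()`; any name it returns is a container type that path does not unpack.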

maverick
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-19 23:16

So did anyone get a consistent configuration to scan zip attachments??? I am searching all the forums and coming up with no solutions.

HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

martin
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden

Post by martin » 2005-12-19 23:22

I think the ! on your keyboard has locked itself. "Official" support for compressed attachments will be enabled in the next hMailServer version. I'm sure you can achieve it in earlier versions as well, but it probably requires you to create your own bat script and use that as an external virus scanner.

maverick
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-20 00:18

If I cannot scan zips, how can I block them altogether?

martin
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden

Post by martin » 2005-12-20 00:20

You would have to write a VBA script for that. So it's probably easier to create a bat-script that actually scans them instead.

Have you confirmed that your ClamWin-hMailServer-integration works for normal uncompressed viruses?

maverick
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-20 00:43

Out of the 25 webmail.us tests with eicar, 11 of them came through undetected. They were all of the zip attachments.

martin
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden

Post by martin » 2005-12-20 00:46

Have you tried creating the C:\cygwin\tmp directory?
What is the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/tmp set to?

maverick
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-20 01:25

Sorry, but I am a beginner on this hmail. If I create a bat file that hmail calls for the external scanner, how will hmail get the return value?

maverick
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-20 01:28

I already have a c:\cygwin\tmp dir.
I do not have a /tmp key under mounts v2 ?

martin
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden

Post by martin » 2005-12-20 21:39

I was able to get scanning of zip to work by adding the following to a file called clamwin.reg, then double-clicking on that file to import it into the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"TMPDIR"="/cygdrive/c/clamav-devel/tmp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2]
"cygdrive prefix"="/cygdrive"
; hex 22, dec 34
"cygdrive flags"=dword:00000022

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/tmp]
"native"="C:\\temp"
"flags"=dword:0000000a

maverick
New user
Posts: 23
Joined: 2005-12-08 21:44

Post by maverick » 2005-12-21 01:40

So, I am a little confused. Are you using ClamAV for windows, or ClamWin or are they the same?

GotNet
Normal user
Posts: 207
Joined: 2005-04-16 20:52

Post by GotNet » 2005-12-21 20:06

martin wrote:
I was able to get scanning of zip to work by adding the following to a file called clamwin.reg, then double-clicking on that file to import it into the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"TMPDIR"="/cygdrive/c/clamav-devel/tmp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2]
"cygdrive prefix"="/cygdrive"
; hex 22, dec 34
"cygdrive flags"=dword:00000022

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/tmp]
"native"="C:\\temp"
"flags"=dword:0000000a

Confirmed this works: 4.2 B181 / clamwin 0.87.1. win2kpro
-------------------------------------------------------------------------------------------------
VIRUS DETECTED:
The attachment(s) of this message was removed since a virus
was detected in at least one of them.
-------------------------------------------------------------------------------------------------

:)

Mike

Slug
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia

Post by Slug » 2006-04-19 18:32

Hi all
With the latest clamwin update (0.88.1) and hMailServer 4.2.2 B199 or later, hMailServer is scanning zip files with no other tweaks or scripts for me. So can anyone else confirm or deny that this is the case? Because if this is the case then this can be moved to "implemented even though it's not" (as Martin says).

Michael
Missing Hmailserver ... Now running Debian servers
