Hello,
yesterday, some malware came in as ".vbe" inside .rar inside .zip.
Amavis couldn't recognize ".vbe" as banned, because unrar could not look
inside the archive:
May 11 13:36:39 mscanner amavis[9266]: (09266-17) (!)Decoding of p005
(RAR archive data, v3,) failed, leaving it unpacked: do_unrar:
/var/lib/amavis/tmp/amavis-20160511T131027-09266-396cGoei/parts/p005 is
not RAR archive at (eval 117) line 890.
I am using:
$unrar = ['rar', 'unrar'];
Is it possible to set an option in amavis to block mails, if the
attachments can not be sucessfully unpacked ?
Carsten
