All important information is in the log lines you posted. What else you
need to know?
libarchive:
...Pathname cannot be converted from UTF-8 to current locale. ...
7z:
... Invalid or incomplete multibyte or wide character ...
The filenames and/or foldernames in the zip are encoded using UTF-8 (or
bad encoded). Because your assp session (possibly the OS) uses another
locale, the filenames must be converted from UTF-8, which is impossible.
Forcing such encoding mistakes can be used to mask malicious content from
being analyzed. But some other (enduser) OS or application may open the
files and execute malicious code.
For this reason assp treat such files as virus infected.
Thomas
Von: "Leandro N. Castro - INSETEC Informática"
<leandro.cas...@insetec.com.ar>
An: "For Users of ASSP" <assp-u...@lists.sourceforge.net>, "ASSP
development mailing list" <assp-test@lists.sourceforge.net>
Datum: 15.01.2021 22:18
Betreff: [Assp-test] Problem with zip file AFC
Hi people I have a problem with some kind of zip files that we receive
from a site in the Amazon AWS, but when I tested with the same zip file
from my domain I receive the same error (inside the zip file are an image
and a pdf).
I have ASSP version 2.6.3 *SPAM-Evaporator* build 20002, with ASSP_AFC
version 5.26 and in another server AFC 5.18, both with Centos 7, perl
5.30.3
In the AFC configuration “Block Encrypted Compressed Attachments
(ASSP_AFCblockEncryptedZIP)” is enabled
I think for that option I receive de error “possibly virus infected file
(can't extract archive)”
When I update to AFC 5.26 I start to view in the log file more context to
the error:
Jan-15-21 16:40:22 m1-39622-01478 [Worker_1] [TLS-in] [TLS-out]
152.168.3.26 <leandro.cas...@externaldomain.com.ar> info: found message
size announcement: 182.14 kByte
Jan-15-21 16:40:22 [Worker_1] leandro.cas...@externaldomain.com.ar matches
@externalDomain.com.ar in whiteListedDomains
Jan-15-21 16:40:23 m1-39622-01478 [Worker_1] [TLS-in] [TLS-out]
152.168.3.26 <leandro.cas...@externaldomain.com.ar> to:
filtros...@asspserverdomain.com.ar Whitelisted sender Domain:
@externalDomain.com.ar
Jan-15-21 16:40:24 m1-39622-01478 [Worker_1] [TLS-in] [TLS-out]
152.168.3.26 <leandro.cas...@externaldomain.com.ar> to:
filtros...@asspserverdomain.com.ar[Plugin] calling plugin ASSP_AFC
Jan-15-21 16:40:24 [Worker_1] Warning: possibly virus infected file (can't
read entry in archive header)
'/opt/assp/tmp/zip_1_1610739624.27276/prueba2LEO.zip' - <-20> - Pathname
cannot be converted from UTF-8 to current locale.
Jan-15-21 16:40:24 [Worker_1] Warning: warn - libarchive extract
'/opt/assp/tmp/zip_1_1610739624.27276/prueba2LEO.zip' - <-20> - Pathname
cannot be converted from UTF-8 to current locale.
Jan-15-21 16:40:24 [Worker_1] Warning: possibly virus infected file (can't
extract archive using 7z [open3: close(main::STDIN) failed: Bad file
descriptor at /opt/perl/lib/site_perl/5.30.3/IPC/Cmd.pm line 1531 thread
2.
]) '/opt/assp/tmp/zip_1_1610739624.27276/prueba2LEO.zip' - Invalid
or incomplete multibyte or wide character –
Jan-15-21 16:40:24 m1-39622-01478 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 152.168.3.26 <leandro.cas...@externaldomain.com.ar> to:
filtros...@asspserverdomain.com.arSPAM FOUND bad attachment
'prueba2LEO.zip' cause: 'possibly virus infected file (can't extract
archive)'
Anyone have a clue about what cause the problem?
When I send the same file to another server with AFC 5.18 show fewer
lines, only the “can't extract archive” thing nothing about the errors in
bold font I describe before.
Thanks in advance.
Bye.
Leandro.
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
