Thanks Thomas, I will investigate the issue in the OS and logs, internally the same zip open without problem in the Centos console. I think the problem by other way is related to some thing the user put inside the zip file with Spanish character (we are from Argentina) and in some of the convertions appear the error.
It could be related to the fact that I can’t update the perl module in Centos 7 “Archive::Libarchive::XS(libarchive-version) version 3.1.2” to newer version? I really appreciate your help thank you. Bye. De: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] Enviado el: sábado, 16 de enero de 2021 06:34 Para: ASSP development mailing list Asunto: Re: [Assp-test] Problem with zip file AFC All important information is in the log lines you posted. What else you need to know? libarchive: ...Pathname cannot be converted from UTF-8 to current locale. ... 7z: ... Invalid or incomplete multibyte or wide character ... The filenames and/or foldernames in the zip are encoded using UTF-8 (or bad encoded). Because your assp session (possibly the OS) uses another locale, the filenames must be converted from UTF-8, which is impossible. Forcing such encoding mistakes can be used to mask malicious content from being analyzed. But some other (enduser) OS or application may open the files and execute malicious code. For this reason assp treat such files as virus infected. Thomas Von: "Leandro N. Castro - INSETEC Informática" <leandro.cas...@insetec.com.ar> An: "For Users of ASSP" <assp-u...@lists.sourceforge.net>, "ASSP development mailing list" <assp-test@lists.sourceforge.net> Datum: 15.01.2021 22:18 Betreff: [Assp-test] Problem with zip file AFC ________________________________ Hi people I have a problem with some kind of zip files that we receive from a site in the Amazon AWS, but when I tested with the same zip file from my domain I receive the same error (inside the zip file are an image and a pdf). I have ASSP version 2.6.3 *SPAM-Evaporator* build 20002, with ASSP_AFC version 5.26 and in another server AFC 5.18, both with Centos 7, perl 5.30.3 In the AFC configuration “Block Encrypted Compressed Attachments (ASSP_AFCblockEncryptedZIP)<javascript:void(0);>” is enabled I think for that option I receive de error “possibly virus infected file (can't extract archive)” When I update to AFC 5.26 I start to view in the log file more context to the error: Jan-15-21 16:40:22 m1-39622-01478 [Worker_1] [TLS-in] [TLS-out] 152.168.3.26 <leandro.cas...@externaldomain.com.ar> info: found message size announcement: 182.14 kByte Jan-15-21 16:40:22 [Worker_1] leandro.cas...@externaldomain.com.ar matches @externalDomain.com.ar in whiteListedDomains Jan-15-21 16:40:23 m1-39622-01478 [Worker_1] [TLS-in] [TLS-out] 152.168.3.26 <leandro.cas...@externaldomain.com.ar> to: filtros...@asspserverdomain.com.ar Whitelisted sender Domain: @externalDomain.com.ar Jan-15-21 16:40:24 m1-39622-01478 [Worker_1] [TLS-in] [TLS-out] 152.168.3.26 <leandro.cas...@externaldomain.com.ar> to: filtros...@asspserverdomain.com.ar[Plugin] calling plugin ASSP_AFC Jan-15-21 16:40:24 [Worker_1] Warning: possibly virus infected file (can't read entry in archive header) '/opt/assp/tmp/zip_1_1610739624.27276/prueba2LEO.zip' - <-20> - Pathname cannot be converted from UTF-8 to current locale. Jan-15-21 16:40:24 [Worker_1] Warning: warn - libarchive extract '/opt/assp/tmp/zip_1_1610739624.27276/prueba2LEO.zip' - <-20> - Pathname cannot be converted from UTF-8 to current locale. Jan-15-21 16:40:24 [Worker_1] Warning: possibly virus infected file (can't extract archive using 7z [open3: close(main::STDIN) failed: Bad file descriptor at /opt/perl/lib/site_perl/5.30.3/IPC/Cmd.pm line 1531 thread 2. ]) '/opt/assp/tmp/zip_1_1610739624.27276/prueba2LEO.zip' - Invalid or incomplete multibyte or wide character – Jan-15-21 16:40:24 m1-39622-01478 [Worker_1] [TLS-in] [TLS-out] [Attachment] 152.168.3.26 <leandro.cas...@externaldomain.com.ar> to: filtros...@asspserverdomain.com.arSPAM FOUND bad attachment 'prueba2LEO.zip' cause: 'possibly virus infected file (can't extract archive)' Anyone have a clue about what cause the problem? When I send the same file to another server with AFC 5.18 show fewer lines, only the “can't extract archive” thing nothing about the errors in bold font I describe before. Thanks in advance. Bye. Leandro. _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
