Hello,

We're getting the standard UPS attachment scam. An exe is inside a zip file.

MIMEDefang catches most of these but it misses a few. I decided to track one of the few through MIMEDefang and found out why: in mimedefang.pl, if Archive::Zip doesn't return AZ_OK, then MIMEDefang lets the attachment through. From what I could find out, if Archive::Zip doesn't return AZ_OK then there is a problem with the zip file. I'd rather block defective zip files than let them through.

In the code below, I substituted "return 0;" with "else { return 1; }" and that solved my problem. Now good zips still go through, zips with exes get replaced with a warning, and defective ones (hacked, I'm assuming) get replaced with warnings too.

I'm surprised that standard procedure is to let defective zips through. Or am I understanding this wrong?

Thanks,
Cliff

    sub re_match_in_zip_directory ($$) {
        my($zipname, $regexp) = @_;
        unless ($Features{"Archive::Zip"}) {
            md_syslog('err', "$MsgID: Attempted to use re_match_in_zip_directory, but Perl module Archive::Zip is not installed.");
            return 0;
        }
        my $zip = Archive::Zip->new();

        # Prevent carping about errors
        Archive::Zip::setErrorHandler(\&dummy_zip_error_handler);
        if ($zip->read($zipname) == AZ_OK()) {
            foreach my $member ($zip->members()) {
                my $file = $member->fileName();
                return 1 if ($file =~ /$regexp/i);
            }
            # Readable archive with no matching member: return false explicitly,
            # since the value of a sub that ends in a foreach is unspecified.
            return 0;
        } else {
            # Archive::Zip could not read the file: treat it as a match
            return 1;
        }
    }
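Added example, not part of the original post and not MIMEDefang code: a standalone Perl script that separates the three outcomes discussed above (member name matches, archive is clean, archive cannot be read), so a filter can apply its own policy to unreadable zips instead of reporting them as a match. The helper name `classify_zip`, the sample file names and the `\.exe$` pattern are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Archive::Zip qw(:ERROR_CODES);
use File::Temp qw(tempdir);

# Silence Archive::Zip's carping; the return code of read() is what we act on.
Archive::Zip::setErrorHandler(sub { });

# Hypothetical helper: returns 'match', 'clean' or 'unreadable'.
sub classify_zip {
    my ($zipname, $regexp) = @_;
    my $zip = Archive::Zip->new();
    # Fail closed: anything other than AZ_OK is reported, never passed as clean.
    return 'unreadable' unless $zip->read($zipname) == AZ_OK;
    foreach my $member ($zip->members()) {
        return 'match' if $member->fileName() =~ /$regexp/i;
    }
    return 'clean';
}

# Constructed sample archives, built in a temporary directory.
my $dir = tempdir(CLEANUP => 1);
my %samples = (
    "$dir/good.zip" => 'invoice.txt',
    "$dir/exe.zip"  => 'UPS_label.exe',
);
for my $path (sort keys %samples) {
    my $zip = Archive::Zip->new();
    $zip->addString('constructed sample data', $samples{$path});
    $zip->writeToFileNamed($path) == AZ_OK or die "cannot write $path";
}

# Constructed defective archive: only the first 20 bytes of a valid zip,
# so the central directory that Archive::Zip looks for is missing.
open(my $in, '<:raw', "$dir/good.zip") or die $!;
read($in, my $head, 20);
close($in);
open(my $out, '>:raw', "$dir/broken.zip") or die $!;
print {$out} $head;
close($out);

for my $name (qw(good exe broken)) {
    printf "%-12s %s\n", "$name.zip", classify_zip("$dir/$name.zip", '\.exe$');
}
```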