assp compressed attachment check problem

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

assp compressed attachment check problem

Adrian Stoica-2

Hello

I see this in ASSP version 2.5.4(16347) , then I upgraded to ASSP version 2.5.6(17026) and this bug still exists

I’ve noticed a legitim mail that was blocked by attachment , and the mail have 3 zip archives with doc , docx and xsd files in them , that are not configured to be blocked.

 

So: Linux x64 , Perl 5.020002 , ASSP_AFC version 3.35 – complete mail .

 

I have nothing in assp/tmp

Please see this log :

Feb-01-17 11:49:30 [Main_Thread] Info: analyze detected: IP: 'someIP' , HELO: 'someMX' , assp-Host: 'myMX'

Feb-01-17 11:49:36 [Main_Thread] Info: using user based compressed attachment check

Feb-01-17 11:49:37 [Main_Thread] Info: using user based compressed attachment check

Feb-01-17 11:49:38 [Main_Thread] Info: using user based compressed attachment check

Feb-01-17 11:49:39 [Main_Thread] Info: using user based compressed attachment check

Feb-01-17 11:49:40 [Main_Thread] Info: using user based compressed attachment check

Feb-01-17 11:49:40 [Main_Thread] Warning: possibly virus infected file (can't extract archive) '/pathto/assp/tmp/zip_0_1485942580/Chestiuni_F2101_F2102_F2103.zip' - File exists -

Feb-01-17 11:49:41 [Main_Thread] Info: using user based compressed attachment check

Feb-01-17 11:49:42 [Main_Thread] Warning: Archive::Extract detected an error for '/pathto/assp/tmp/zip_0_1485942581/chestiuni_B101_F2104_2108.zip' - Could not chdir back to start dir '': '

Feb-01-17 11:49:43 [Main_Thread] Info: using user based compressed attachment check

Feb-01-17 11:49:43 [Main_Thread] Warning: Archive::Extract detected an error for '/pathto/assp/tmp/zip_0_1485942583/XSD.zip' - Could not chdir back to start dir '': '

 

I try again to analyze and asp get stopped after the last warning:

[Main_Thread] Sig TERM

[Main_Thread] Initializing shutdown sequence

Then startup and say after [init] Info: 0 licenses registered [init] Error: unclean shutdown of ASSP detected


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: assp compressed attachment check problem

Thomas Eckardt/eck
The mail was blocked by the ASSP_AFC plugin. The latest version of the plugin is 4.45!


Thomas





Von:        "Adrian Stoica" <[hidden email]>
An:        <[hidden email]>
Datum:        01.02.2017 11:45
Betreff:        [Assp-user] assp compressed attachment check problem




Hello
I see this in ASSP version 2.5.4(16347) , then I upgraded to ASSP version 2.5.6(17026) and this bug still exists
I’ve noticed a legitim mail that was blocked by attachment , and the mail have 3 zip archives with doc , docx and xsd files in them , that are not configured to be blocked.
 
So: Linux x64 , Perl 5.020002 , ASSP_AFC version 3.35 – complete mail .
 
I have nothing in assp/tmp
Please see this log :
Feb-01-17 11:49:30 [Main_Thread] Info: analyze detected: IP: 'someIP' , HELO: 'someMX' , assp-Host: 'myMX'
Feb-01-17 11:49:36 [Main_Thread] Info: using user based compressed attachment check
Feb-01-17 11:49:37 [Main_Thread] Info: using user based compressed attachment check
Feb-01-17 11:49:38 [Main_Thread] Info: using user based compressed attachment check
Feb-01-17 11:49:39 [Main_Thread] Info: using user based compressed attachment check
Feb-01-17 11:49:40 [Main_Thread] Info: using user based compressed attachment check
Feb-01-17 11:49:40 [Main_Thread] Warning: possibly virus infected file (can't extract archive) '/pathto/assp/tmp/zip_0_1485942580/Chestiuni_F2101_F2102_F2103.zip' - File exists -
Feb-01-17 11:49:41 [Main_Thread] Info: using user based compressed attachment check
Feb-01-17 11:49:42 [Main_Thread] Warning: Archive::Extract detected an error for '/pathto/assp/tmp/zip_0_1485942581/chestiuni_B101_F2104_2108.zip' - Could not chdir back to start dir '': '
Feb-01-17 11:49:43 [Main_Thread] Info: using user based compressed attachment check
Feb-01-17 11:49:43 [Main_Thread] Warning: Archive::Extract detected an error for '/pathto/assp/tmp/zip_0_1485942583/XSD.zip' - Could not chdir back to start dir '': '
 
I try again to analyze and asp get stopped after the last warning:
[Main_Thread] Sig TERM
[Main_Thread] Initializing shutdown sequence
Then startup and say after [init] Info: 0 licenses registered [init] Error: unclean shutdown of ASSP detected------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org!
http://sdm.link/slashdot_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user