Reject password-protected archive attachments - is it possible?
Question asked by mh - 11/13/2019 at 6:15 AM
Answered
Is there a way to do this in SmarterMail 100.x? I know Declude had this functionality, which was great, but with compatibility issues between SM and Declude this isn't much of an option when setting up a new server. I know certain extensions can be rejected, but I'm looking for a way to reject only password-protected archives such as zip, rar, etc.
Sébastien Riccio Replied
Marked As Answer
Hello,

I can't guarantee it because we use front-end spam/virus scanner gateways instead of the SM built-in ones (to lower the SM server load and add flexibility), but I think you can do this with the local or remote clamav.

There is a clamav setting: ArchiveBlockEncrypted  

In recent clamav versions, it seems to be replaced by:

AlertEncryptedArchive BOOL
Alert on encrypted archives (encrypted .zip, .7zip, .rar).
Default: no
AlertEncryptedDoc BOOL
Alert on encrypted documents (encrypted .pdf).
Default: no

This would need to be added in:
C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\etc\clamd.conf

That could maybe do the trick.



Sébastien Riccio System & Network Admin https://swisscenter.com
mh Replied
Awesome, thank you. I will take a look at that and it should help a lot.
mh Replied
Just to respond, I did finally get some time to do this and it works fine. Here's from the delivery log from testing both encrypted zip and rar -

[2019.12.05] 14:21:12.049 [10000] This message has been quarantined because a virus was found (Heuristics.Encrypted.Zip).
[2019.12.05] 14:21:27.042 [10001] This message has been quarantined because a virus was found (Heuristics.Encrypted.RAR).

An encrypted PDF had the same result -

[2019.12.05] 14:30:15.589 [10002] This message has been quarantined because a virus was found (Heuristics.Encrypted.PDF).

Thanks for your response!
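
The log lines quoted above record encrypted-attachment blocks with the same "virus was found" wording as a signature detection, so a reviewer may want to separate the two. The following is an added example, not part of the original thread and not SmarterMail or ClamAV code: it parses lines in the format shown above and splits Heuristics.Encrypted.* policy blocks from other detections. The sample input is constructed, its last signature name is a placeholder, and treating the bracketed number as a message reference is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the delivery-log format quoted in the thread. The last
# signature name is a placeholder standing in for a non-heuristic detection.
SAMPLE_LOG = """\
[2019.12.05] 14:21:12.049 [10000] This message has been quarantined because a virus was found (Heuristics.Encrypted.Zip).
[2019.12.05] 14:21:27.042 [10001] This message has been quarantined because a virus was found (Heuristics.Encrypted.RAR).
[2019.12.05] 14:30:15.589 [10002] This message has been quarantined because a virus was found (Heuristics.Encrypted.PDF).
[2019.12.05] 14:31:02.120 [10003] Constructed unrelated delivery line
[2019.12.05] 14:33:40.007 [10004] This message has been quarantined because a virus was found (Example.Placeholder.Signature).
"""

# "ref" is the bracketed number; assumed here to identify the message.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2})\]\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"\[(?P<ref>\d+)\]\s+.*quarantined because a virus was found "
    r"\((?P<signature>[^)]+)\)\.?\s*$"
)
POLICY_PREFIX = "Heuristics.Encrypted."  # prefix seen in the thread's log lines


def parse_quarantines(log_text):
    """Return one dict per quarantine line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["policy_block"] = ev["signature"].startswith(POLICY_PREFIX)
        # Container type (zip, rar, pdf) only exists for policy blocks.
        ev["container"] = (
            ev["signature"][len(POLICY_PREFIX):].lower() if ev["policy_block"] else None
        )
        events.append(ev)
    return events


def summarize(events):
    """Count policy blocks per container type and list the remaining hits."""
    policy = Counter(e["container"] for e in events if e["policy_block"])
    other = [e for e in events if not e["policy_block"]]
    return policy, other


if __name__ == "__main__":
    policy, other = summarize(parse_quarantines(SAMPLE_LOG))
    for container, count in sorted(policy.items()):
        print(f"encrypted {container}: {count} blocked by policy")
    for e in other:
        print(f"signature hit {e['signature']} [{e['ref']}] at {e['date']} {e['time']}")
```
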
Sébastien Riccio Replied
Hello,

Thank you for the feedback. Nice to hear that it helped you achieve what you were trying to do.
Sébastien Riccio System & Network Admin https://swisscenter.com
