[SOLVED] Allow banned content in encrypted ZIP?

[colin_zcs]

Greetings,

We recently upgraded to ZCS 6.0.7 NE. All seems to be well, with one big problem (for us anyway). The attachment filtering works a little too well.

Our organization needs to be able to send and receive otherwise banned content (exe,bat,dll, etc...) via a password encrypted ZIP archive. We have disabled the blocking of encrypted archives, but that does not allow us to send anything in the banned content list via an encrypted ZIP. It would appear that Zimbra (via Amavis?) is doing a regex search against the contents of the zip, and blocking the content, regardless of the password encrypted ZIP file. If I double ZIP the contents, with the outermost ZIP being password encrypted, we can pass the content through. Renaming a ZIP to .txt doesn't help since the filters seem to use file to determine the type, rather than the extension.

I understand why this is cool for most organizations, and we obviously want banned content to get blocked under other circumstances. How do we configure the system to allow encrypted ZIP files that contain otherwise banned content? Is there a configuration option or combination of options within Amavis or somewhere else that we should look?

Thanks for any assistance with this issue.

Colin

[jummo]

Maybe this will work.

Add the following before line 2010 in /opt/zimbra/conf/amavisd.conf.in

Code:

[ qr'^\.(zip|rar|arc|arj|zoo|7z|gz|bz2|rpm|cpio|tar)$'=> 0 ],  # allow any within these archives

Don't forget to run zmamavisdctl reload, to rewrite the amavisd configuration and reload amavisd.

[colin_zcs]

Thanks for your help jummo,

Note: Not sure if your line#2010 is a typo, as our conf file only has 627 lines with the new content added at what seemed to be the appropriate line: #170

That change does allow us to send and receive password protected ZIPs with banned content. However, it also allows non-password protected ZIPs with banned content.

I hope there is a middle ground that allows protected ZIPs but blocks unprotected ZIPs with banned content. Any thoughts on that problem?

Regards,

Colin

[jummo]

Yes, a typo, but I have edited the line #204.

The context:

Code:

$banned_filename_re = new_RE(
  [ qr'^\.(zip|rar|arc|arj|zoo|7z|gz|bz2|rpm|cpio|tar)$'=> 0 ],  # allow any within these archives
  # banned extension - basic
  %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list VAR:zimbraMtaBlockedExtension |%%)$'i,
);

To allow only password protected files, I think the configuration parameter

Code:

[ qr'^UNDECIPHERABLE$'=> 0 ],

should be enough, see KSLin: amavis - To allow only password protected archives .

[colin_zcs]

Thanks again for your assistance, jummo. That link was helpful and insightful to understanding the changes.

We have determined that this setting meets our needs of allowing banned content within a password protected archive, while blocking banned content within unprotected archives:

Code:

$banned_filename_re = new_RE(
  [ qr'^UNDECIPHERABLE$'=> 0 ],
  # banned extension - basic
  %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list VAR:zimbraMtaBlockedExtension |%%)$'i, );

I appreciate all of your help!

Regards,

Colin