Results 1 to 10 of 10

Thread: [SOLVED] Allow banned content in encrypted ZIP?

  1. #1
    Join Date
    Apr 2008
    Location
    Reno, NV
    Posts
    11
    Rep Power
    7

    Default [SOLVED] Allow banned content in encrypted ZIP?

    Greetings,

    We recently upgraded to ZCS 6.0.7 NE. All seems to be well, with one big problem (for us anyway). The attachment filtering works a little too well.

    Our organization needs to be able to send and receive otherwise banned content (exe,bat,dll, etc...) via a password encrypted ZIP archive. We have disabled the blocking of encrypted archives, but that does not allow us to send anything in the banned content list via an encrypted ZIP. It would appear that Zimbra (via Amavis?) is doing a regex search against the contents of the zip, and blocking the content, regardless of the password encrypted ZIP file. If I double ZIP the contents, with the outermost ZIP being password encrypted, we can pass the content through. Renaming a ZIP to .txt doesn't help since the filters seem to use file to determine the type, rather than the extension.

    I understand why this is cool for most organizations, and we obviously want banned content to get blocked under other circumstances. How do we configure the system to allow encrypted ZIP files that contain otherwise banned content? Is there a configuration option or combination of options within Amavis or somewhere else that we should look?

    Thanks for any assistance with this issue.

    Colin
    Last edited by colin_zcs; 08-27-2010 at 03:58 PM.

  2. #2
    Join Date
    May 2009
    Location
    Bremen, Germany
    Posts
    122
    Rep Power
    6

    Default

    Maybe this will work.

    Add the following before line 2010 in /opt/zimbra/conf/amavisd.conf.in

    Code:
    [ qr'^\.(zip|rar|arc|arj|zoo|7z|gz|bz2|rpm|cpio|tar)$'=> 0 ],  # allow any within these archives
    Don't forget to run zmamavisdctl reload, to rewrite the amavisd configuration and reload amavisd.
    Last edited by jummo; 08-30-2010 at 05:08 AM. Reason: Typo

  3. #3
    Join Date
    Apr 2008
    Location
    Reno, NV
    Posts
    11
    Rep Power
    7

    Default

    Thanks for your help jummo,

    Note: Not sure if your line#2010 is a typo, as our conf file only has 627 lines with the new content added at what seemed to be the appropriate line: #170

    That change does allow us to send and receive password protected ZIPs with banned content. However, it also allows non-password protected ZIPs with banned content.

    I hope there is a middle ground that allows protected ZIPs but blocks unprotected ZIPs with banned content. Any thoughts on that problem?

    Regards,

    Colin

  4. #4
    Join Date
    May 2009
    Location
    Bremen, Germany
    Posts
    122
    Rep Power
    6

    Default

    Yes, a typo, but I have edited the line #204.

    The context:
    Code:
    $banned_filename_re = new_RE(
      [ qr'^\.(zip|rar|arc|arj|zoo|7z|gz|bz2|rpm|cpio|tar)$'=> 0 ],  # allow any within these archives
      # banned extension - basic
      %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list VAR:zimbraMtaBlockedExtension |%%)$'i,
    );
    To allow only password protected files, I think the configuration parameter
    Code:
    [ qr'^UNDECIPHERABLE$'=> 0 ],
    should be enough, see KSLin: amavis - To allow only password protected archives .

  5. #5
    Join Date
    Apr 2008
    Location
    Reno, NV
    Posts
    11
    Rep Power
    7

    Default

    Thanks again for your assistance, jummo. That link was helpful and insightful to understanding the changes.

    We have determined that this setting meets our needs of allowing banned content within a password protected archive, while blocking banned content within unprotected archives:

    Code:
    $banned_filename_re = new_RE(
      [ qr'^UNDECIPHERABLE$'=> 0 ],
      # banned extension - basic
      %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list VAR:zimbraMtaBlockedExtension |%%)$'i, );
    I appreciate all of your help!

    Regards,

    Colin

  6. #6
    Join Date
    Jul 2012
    Posts
    12
    Rep Power
    3

    Default

    this does not seem to work with zimbra 8.

  7. #7
    Join Date
    Aug 2007
    Location
    Indianapolis
    Posts
    54
    Rep Power
    8

    Default

    Quote Originally Posted by mathx View Post
    this does not seem to work with zimbra 8.
    It worked for me under Zimbra 8.0.2, though the behavior did change slightly from 7.x - now these encrypted zips come through with an altered subject line that include ***UNCHECKED***.

  8. #8
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    5

    Default

    Wouldn't it be easier to send briefcase links ?

  9. #9
    Join Date
    Apr 2008
    Location
    Reno, NV
    Posts
    11
    Rep Power
    7

    Default

    Quote Originally Posted by dik23 View Post
    Wouldn't it be easier to send briefcase links ?
    That is most likely easier for internal users of the system. It is not an option for us when we need to share files with external clients.

  10. #10
    Join Date
    Apr 2008
    Location
    Reno, NV
    Posts
    11
    Rep Power
    7

    Default

    Quote Originally Posted by peng1can View Post
    It worked for me under Zimbra 8.0.2, though the behavior did change slightly from 7.x - now these encrypted zips come through with an altered subject line that include ***UNCHECKED***.
    Good to know it still works in 8.0.2. Though it is somewhat odd that the behavior you describe with the subject was present in 7.x, but you did not experience it until 8.x. Our 7.x server always added the "***UNCHECKED***" to the beginning of the Subject: header.

Similar Threads

  1. Content filter in Zimbra
    By 322877 in forum Administrators
    Replies: 1
    Last Post: 07-05-2010, 03:45 AM
  2. Vewing Banned Content
    By ideallife in forum General Questions
    Replies: 0
    Last Post: 06-22-2010, 09:57 AM
  3. Password Encrypted ZIP files
    By delphi98 in forum Administrators
    Replies: 4
    Last Post: 06-25-2008, 03:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •