Attachment in Archive RSS Back to forum
The attachment filtering of ORF does not support scanning inside attached archives, but if you have a command line tool (e.g. anti-virus product) which supports scanning inside archives, you can achieve this by creating an External Agent:
Information on External Agents: http://blog.vamsoft.com/?p=113
Creating External Agent definitions: http://blog.vamsoft.com/?p=115
Testing: http://blog.vamsoft.com/?p=118
Hello and thanks for your reply. That was not the answer i would like to here :-)
Correct me... but the external agent obtains the whole message (incl. mime-part) as parameter?
So its necessary to:
1. decode the mail to get the attachment(s)
2. extract zip attachment
3. look at each individual file to find out if it is an unwanted attachment!?
Is it possible to only get the attachments for the external agents?
My AV-Scanner (NOD32) can scan within Archives via /ARCH+ option...
BUT - i don't know if it will find a virus in a base64 encoded .EML - File?
and... how could that help me to block unwanted attachment in (zip/rar) archives?
Thanks in advance
@Uwe Kortkamp:
The External Agent test is performed on a temporary copy of the email (.eml file) which ORF creates in the path you specified under Configuration / Filtering - On Arrival / External Agents. Once the scan is finished and the agent has the result (i.e., the exit code returned by the command line executable), the file is deleted automatically.
Unfortunately, it is not possible to extract the attached files individually from the incoming emails, but usually that is not a problem, since the command line scanners (like NOD32) is capable of scanning inside archives (so it should find the virus (or any other files) in the .eml file, even if it is in the attached archive).
I assume it is possible to configure the command line scanner to return a hit on certain file types (or even better: MIME types) as well, so you could achieve your original goal (detect mp3 files inside archives attached to incoming emails). Unfortunately, I am not familiar with the capabilities of the NOD32 command line scanner, so I suggest consulting the documentation regarding this :)
(How) is it possible to filter unwanted attachments (like MP3....) in ZIP/RAR Archive?