Environment:
Archive information:
Type = Rar5
Method = v6:m3:512K
Contained file = Remittance Copy.vbs
PMG log:
found archive 'Remittance Copy-1.rar' (application/vnd.rar)
unpack failed - child 'XXXX' failed: 512
accept mail to (rule: default-accept)
Manual testing:
7z l archive.rar -> shows Remittance Copy.vbs
7z x archive.rar -> ERROR: Unsupported Method : Remittance Copy.vbs
The extracted file is empty (0 bytes) and therefore ClamAV reports OK.
Other mail systems detect or block the message:
If PMG cannot unpack an archive because of an unsupported compression method, the message should not be silently accepted by default.
Possible solutions:
- Proxmox Mail Gateway 8.2.11
- ClamAV 1.4.3
- Debian Bookworm
- p7zip-full 16.02+really25.01
Archive information:
Type = Rar5
Method = v6:m3:512K
Contained file = Remittance Copy.vbs
PMG log:
found archive 'Remittance Copy-1.rar' (application/vnd.rar)
unpack failed - child 'XXXX' failed: 512
accept mail to (rule: default-accept)
Manual testing:
7z l archive.rar -> shows Remittance Copy.vbs
7z x archive.rar -> ERROR: Unsupported Method : Remittance Copy.vbs
The extracted file is empty (0 bytes) and therefore ClamAV reports OK.
Other mail systems detect or block the message:
- Gmail blocks it
- Windows Defender detects it
- Mailcow/Rspamd detects MIME_BAD_EXTENSION [vbs]
If PMG cannot unpack an archive because of an unsupported compression method, the message should not be silently accepted by default.
Possible solutions:
- treat unpack failures as dangerous content;
- allow Archive Filter / Match Filename to act on file names discovered during archive listing;
- provide an option to quarantine archives with unpack failures.
I can provide the sample archive privately if required.
