sbidy / MacroMilter

This python based milter (mail-filter) checks an incoming mail for suspicious VBA macro code in MS 20xx Office attachments (doc, xls, ppt ...).
MIT License

Encrypted zip not handled correctly #35

Closed sbidy closed 5 years ago

sbidy commented 6 years ago

Exception in milter if an encrypted zip is sent:

2018-01-15 14:59:30,754 -    DEBUG: [1574] Exeption code: [!! Traceback (most recent call last):
!!   File "/usr/bin/macromilter", line 282, in checkforVBA
    zipvba = self.getZipFiles(attachment, filename)
!!   File "/usr/bin/macromilter", line 334, in getZipFiles
    for zip_name, zip_data in files_in_zip:
!!   File "/usr/bin/macromilter", line 376, in zipwalk
    data = z.read(fname)
!!   File "/usr/lib64/python2.7/zipfile.py", line 931, in read
    return self.open(name, "r", pwd).read()
!!   File "/usr/lib64/python2.7/zipfile.py", line 986, in open
    "password required for extraction" % name
!! RuntimeError: File YUMI-2.0.5.2.exe is encrypted, password required for extraction
]

Possible solution:

# Bit 0 of the ZIP general-purpose flag is set for encrypted members
for zinfo in zf.infolist():
    is_encrypted = zinfo.flag_bits & 0x1

P.S.: Typo >> Exeption = Exception
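The flag check proposed above, worked into a full archive walk, as an added example that is not part of the original issue and not MacroMilter's own code. The names `walk_zip` and `build_sample` and the sample archive are constructed for illustration; the sample only sets the encryption flag in the central directory and applies no real encryption.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag


def walk_zip(zip_bytes):
    """Return ({name: data} for readable members, [names of encrypted members])."""
    readable, encrypted = {}, []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for zinfo in zf.infolist():
            if zinfo.flag_bits & ENCRYPTED:
                # Cannot be scanned for macros; report it instead of calling
                # read(), which raises RuntimeError without a password.
                encrypted.append(zinfo.filename)
                continue
            readable[zinfo.filename] = zf.read(zinfo)
    return readable, encrypted


def build_sample():
    """Constructed sample: two stored members, the second flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", b"constructed document bytes")
        zf.writestr("tool.exe", b"constructed payload bytes")
    raw = bytearray(buf.getvalue())
    # Central directory header: signature PK\x01\x02, flags at offset 8,
    # file name length at offset 28, file name at offset 46.
    pos = raw.find(b"PK\x01\x02")
    while pos != -1:
        name_len = struct.unpack_from("<H", raw, pos + 28)[0]
        if raw[pos + 46:pos + 46 + name_len] == b"tool.exe":
            raw[pos + 8] |= ENCRYPTED
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    files, locked = walk_zip(build_sample())
    print("scannable:", sorted(files))
    print("encrypted, not scanned:", locked)
```

The list of encrypted members is returned rather than dropped so the caller can decide how to treat an attachment whose contents could not be inspected.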

sbidy commented 5 years ago

tested