Solution for passworded downloads

[B@z]

Please all, help think of the best way to attack the passworded-rar-in-download problem.

This seems a new wat to spead mallware and receive ad fundings, but sure is annoying.

I thought something like to open file after the first few rar's have downloaded to review the contents.
But a better solution would be some sort of nuke system where if more than x nukes the post will be filtered. I don't know how this extends to newsgroup policy.

But the bottom line must be, this has to stop. So help brainstorm for the best (long term) solution.

[Digitoxin]

Seems like there should be a way to analyze the rar file and abort as soon as Newsleecher is able to detect that is is password protected. This could also be extended to a content filter that can scan within the rar file to get rid of downloads containing files with extensions like .avi.exe

[Downstream]

Some free .nzb sites mark hits with "password protected".
But they are not failproof.

https://bugs.launchpad.net/sabnzbd/+bug/562296
I want to add if the header of the first RAR is corrupted this test can give false results.

===========================
Sorry, that is not true. It is true that WinRAR can not distinguish between password protected data and corrupted data based on the data and the checksum alone, but the RAR format has a flag for password protected files in the header, this is the way the software knows when to prompt the user for a password.
Password protected files can usually be detected by just having the first MESSAGE PART of the first .rar file, like this:
The following is some code I have used for another project:
$data is the first n bytes of a RAR archive file.
$rar=unpack('H14header/H6junk/S1encrypted', $data);
if ($rar['header']!='526172211a0700') {
output('Not a RAR archive: '.$filename.' - header is '.$rar['header']);
}
if ($rar['encrypted'] & 128) {
output('Encrypted archive!');
$encrypted=true;
} else {
$file=tempnam('/tmp','unrar-test-file');
file_put_contents($file, $data);
exec('unrar lt -ep -c- -id -r -kb -p- '.$file, $output);
unlink($file);
foreach ($output as $line) if (substr($line,0,1)=='*') $encrypted=true;
if ($encrypted) {
output('Encrypted file in archive!');
}
}
_________________
To avoid the usual none answer for most bugs: "Did you defrag?"
CPU: i7 3960X 3.3Ghz
HD on which NL runs Velicoraptor in raid setup (900 GB total)
RAM: more than useful
Defrag: Daily

[Downstream]

Anyone got a similar header check for .wmv files?
_________________
To avoid the usual none answer for most bugs: "Did you defrag?"
CPU: i7 3960X 3.3Ghz
HD on which NL runs Velicoraptor in raid setup (900 GB total)
RAM: more than useful
Defrag: Daily

[deedubb]

I would love to see this feature

[tygrys]

One way is to download the first rar and open it..can be annoying but I find it easier then downloading the whole thing lol

[Downstream]

[B@z]

[Spiril]

A feature that prevents NewsLeecher from downloading RAR-in-RAR sets is on the roadmap for NewsLeecher V4.1 or NewsLeecher V5.0.
_________________

Bug fixed. No idea how. Hate it when that happens. Trying to break it again now. Will. not. be. defeated.

[Malignant]

Is it also possible to enter a password in R&E ?

I.E.

Right click on a set and have the option to "Set extraction password" ?

This way NL can cope with PW protected files.

[BlizzardUK]

That feature of stopping rar in rar downloads sounds great. These people uploading all these passworded files must be making money, but surely after a while people should have learnt just to bin them and not go to the site they send you to.

Just a handy little tip, always download the LAST rar file and not the first one, the last one is usually not only much smaller than the first, but also the one that contains the password.txt file.

Also perhaps there is a way to use http://www.mysterbin.com software within the supersearch ?

[Lazruss66]

[dlmvegas]

There is only one retard that is doing most, if not all of the passworded crap on the news servers. DO NOT WASTE YOUR TIME DOWNLOADING ANYTHING POSTED BY [b]Yenc-PP-A&A[/b]. Movies by this scum are showing up primarily in A.B.Movies group. I have seen some in other groups by this same scum bag.

Makes you wish there were group monitors out there that could just filter out or have an auto delete for certain poster's files.

[highwaykind]

I would LOVE a 'passworded' alert too!
binsearch and other have this, so I hope NL can mark passworded posts a certain color (grey them out? red?)

Blocking the Yenc-PP-A&A poster does NOT work - it's what Yenc defaults to so this will mean you also block good posts..

[mrpopo]

I would love the ability to add a password to a download.

So if I download something of which I know the password. I would like to enter this password for that specific download so NL can download and unrar it when done downloading / repairing.