Re: [Clamav-users] Re: Simple patch for dealing with password zip files

[Jesper Juhl]

On Thu, 4 Mar 2004, Jim Mercer wrote:

> On Thu, Mar 04, 2004 at 07:52:35PM +0100, Jesper Juhl wrote:
> > Our mailserver is setup to reject certain file types as attachments (.com,
> > .exe, .pif etc etc). Sometimes users have a legitimate need to get such
> > files through, and the way they do it is to compress them and add a
> > password to the zip archive so the content filter can't look inside.
>
> alternately, the sender could rename the file to "something.exe.noscan".
> and the receiver could rename it as they are saving it.
>
> oops, maybe i just gave the virus writers a new method of delivery!
>

Nope, that won't work. Besides blocking purely based on name we also run
'file' on the attachments and block based on the type of file returned by
'file'. So, a windows executable renamed from foo.exe to foo.txt will
still be caught as a banned 'exe' file - blocking only based on the name
would be way too primitive.


-- 
Jesper Juhl <[EMAIL PROTECTED]>
Systems Administrator, Danmarks Idręts-Forbund / The Danish Sports Federation
Please don't top-post    http://www.catb.org/~esr/jargon/html/T/top-post.html
Please send plain text emails only          http://www.expita.com/nomime.html


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users