RE: [Clamav-users] Re: Simple patch for dealing with password zip files

Jean-Francois Guilmard Mon, 08 Mar 2004 11:52:22 -0800

What about .html   ???

Jeff


-----Original Message-----
From: John Jolet [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 08, 2004 10:12 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Re: Simple patch for dealing with password
zip files

On Monday 08 March 2004 10:51 am, Jesper Juhl wrote:
--snip--
> The first "qr" block checks for double extensions like file.foo.exe
and
> ban such files if the last extension is one of
vbs|pif|scr|bat|com|exe|dll
> the next two "qr" blocks block files purely based on the last
extension.
> The next "qr" block blocks based on the output from file(1), and the
last
> "qr" block blocks based on mime type.
--snip--
This brings up an interesting point.  I've never seen a legitimate file
on a 
windows box with two or more 3-character extensions.  Would it be a bad 
assumption to make?


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: Simple patch for dealing with password zip files

Reply via email to