Hello.
I'm running an SMTP server with f-secure and clamav. I have a problem with
the f-secure server because it can't find the bagle virus in password
protected zip files but clamav does. I e-mailed f-secure support about
it and they said to me there isn't any virus scanner today that can find viruses
in password protected zip files.
And this answer confuses me because clamav does find the virus in the password protected zip file. And now my question: how is it possible for clamav to find a virus in a password protected file when f-secure support claims it isn't possible?
Because clamav doesn't just scan attachments. It also examines the raw email for certain patterns to mark archive-encrypted viruses. Something like "password" and then followed by an attachment.
If you only feed clamav with the attachment (e.g. the encrypted zip), it won't be able to find it either.
Last, clamav (the latest version) also has an option in clamav.conf: ArchiveDetectEncrypted
If you turn this option on, clamav will reject all encrypted zips as Encrypted.Zip virus. Also works on encrypted rars. Even with that option off (which is the default case), you still catch most archive-encrypted viruses (in this case, Bagle).
Regards,
Fajar
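The following is an added example, not part of the original thread and not ClamAV's own code. It shows one way a mail filter can apply an ArchiveDetectEncrypted-style policy: the ZIP header marks each entry as encrypted (general-purpose flag bit 0), so the archive can be flagged without the password. All function names are hypothetical, and the sample ZIP is constructed with the flag set by hand (its contents are not actually encrypted).

```python
import io
import struct
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

ENCRYPTED = 0x0001  # ZIP general-purpose flag bit 0: entry is encrypted

def make_zip(name: str, data: bytes, mark_encrypted: bool = False) -> bytes:
    """Constructed sample ZIP; optionally set the 'encrypted' flag by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo(name, (2004, 3, 1, 0, 0, 0)), data)
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Flag field: 6 bytes into the local header, 8 into the central one.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig) + off
            (flags,) = struct.unpack_from("<H", raw, pos)
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED)
    return bytes(raw)

def encrypted_members(zip_bytes: bytes) -> list[str]:
    """Names of entries whose header says 'encrypted'; no password needed."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & ENCRYPTED]

def scan_message(raw_email: bytes) -> list[str]:
    """Walk every MIME part of a raw message and flag encrypted ZIP attachments."""
    verdicts = []
    for part in message_from_bytes(raw_email).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not payload or not payload.startswith(b"PK\x03\x04"):
            continue
        try:
            if encrypted_members(payload):
                verdicts.append(f"{part.get_filename()}: Encrypted.Zip")
        except zipfile.BadZipFile:
            verdicts.append(f"{part.get_filename()}: malformed zip")
    return verdicts

def sample_email(zip_bytes: bytes) -> bytes:
    """Constructed message: a short text body plus one ZIP attachment."""
    m = EmailMessage()
    m.set_content("The password is 12345")
    m.add_attachment(zip_bytes, maintype="application", subtype="zip", filename="doc.zip")
    return m.as_bytes()
```

This only reports that an archive is encrypted; identifying which malware family sent it still depends on other evidence in the message, as the reply above describes.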
Clamav-users mailing list https://lists.sourceforge.net/lists/listinfo/clamav-users