they could always rename the file and include instructions to put the name back. bear in mind, that microsoft has started making it difficult to impossible to get at emails with those kinds of extensions in them using microsoft's email products. Some versions require altering a registry key to enable certain file names, others just require changing some options. While I agree, in principal, with the idea of protecting users from their own stupidity, the historical fact is that the three-letter extension was ALWAYS a stupid way of telling executables from non, and the default of hiding those extensions was an even stupider idea.
the point here, is that even if you get the filenames through the scanner complex, the email client might block them, making users think the SCANNER is blocking. On Tue, 2005-02-22 at 12:09 -0600, Jason Byrns wrote: > Trog wrote: > > On Tue, 2005-02-22 at 11:00 -0600, Jason Byrns wrote: > > > > 'Banned filename'? ClamAV doesn't do banned filenames. > > So that's Amavis blocking banned file names, then? > > I have no problems continuing to scan within archives, and I agree > that's how many viruses are now being distributed. But I can't even > send password-protected zip files, if they have any banned file names > inside. And the email instructions sent automatically (by Amavis > and/or ClamAV) say password-protected zip files will get around the > banned file name. > > So my real question is, what if people want to email a file on the > banned list? (Y'know, files like *.exe, *.pif, *.bat, *.scr, *.vbs, > etc) I see archives still show you the names of files inside, even if > password protected. > > I guess I'd rather not just stop banned files altogether. It seems > sensible to block files of these types. Requiring a password-protected > zip seemed like a decent way to handle it, to me. Agreed? > > From my /etc/amavisd.conf: > qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic > > Or is this just a question for the Amavis guys instead? ;) > > Thanks for all the quick replies!! > _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
