Trog wrote:
On Tue, 2005-02-22 at 11:00 -0600, Jason Byrns wrote:
'Banned filename'? ClamAV doesn't do banned filenames.
So that's Amavis blocking banned file names, then?
I have no problems continuing to scan within archives, and I agree that's how many viruses are now being distributed. But I can't even send password-protected zip files, if they have any banned file names inside. And the email instructions sent automatically (by Amavis and/or ClamAV) say password-protected zip files will get around the banned file name.
So my real question is, what if people want to email a file on the banned list? (Y'know, files like *.exe, *.pif, *.bat, *.scr, *.vbs, etc) I see archives still show you the names of files inside, even if password protected.
I guess I'd rather not just stop banned files altogether. It seems sensible to block files of these types. Requiring a password-protected zip seemed like a decent way to handle it, to me. Agreed?
From my /etc/amavisd.conf: qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
Or is this just a question for the Amavis guys instead? ;)
Thanks for all the quick replies!!
Probably not what you're looking for, but I've added your domain to my list of blocked domains because you present yourself as someone who doesn't understand the importance of this process, nor the nature of infected payloads, regardless of the wrapping they come in. Password protected archives are a common way to distribute viruses.
dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
