Recently I have received some viruses that have scr inside zip
arhcive inside zip archive. And also there have been some cab's containing exe
files.
Since I have already blocked exe and scr files in exim mime check I did try
to search Google for blocking those files inside archives. And since I did not
have mutch success with it, I decided to post sample rules here.
I created exe_in_archive.cdb file in clamav database directory, that
contains:
Archived_EXE:*:*:.*\.exe:*:*:*:*:*:*
Archived_SCR:*:*:.*\.scr:*:*:*:*:*:*
Archived_PIF:*:*:.*\.pif:*:*:*:*:*:*
Archived_COM:*:*:.*\.com:*:*:*:*:*:*
--
Virgo Pärna
virgo.pa...@mail.ee
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
