> I created exe_in_archive.cdb file in clamav database directory, that
> contains:
> Archived_EXE:*:*:.*\.exe:*:*:*:*:*:*

Forgot to add that the above sig, as you are using a *wildcard* ContainerType, means that any exe in the following types will be blocked:

ContainerType: one of CL_TYPE_ZIP, CL_TYPE_RAR, CL_TYPE_ARJ, CL_TYPE_CAB, CL_TYPE_7Z, CL_TYPE_MAIL, CL_TYPE_(POSIX|OLD)_TAR, CL_TYPE_CPIO_(OLD|ODC|NEWC|CRC)

So, using CL_TYPE_MAIL will hit a url/filename mentioned in an email too, which might not be a bad thing but thought I'd mention it.

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
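
The wildcard expansion described in the message above, as an added example that is not part of the original email: it parses a `.cdb` line, lists the container types a `*` ContainerType covers, and rewrites the signature as one line per chosen type so that CL_TYPE_MAIL can be left out. The helper names and the `_ZIP`-style name suffixes are constructed for illustration, and the parser assumes the filename regex contains no `:`.

```python
# Added example (not from the original email): expand and narrow a .cdb ContainerType.
# Field order follows the ClamAV signature documentation; the type list is the one quoted above.
CONTAINER_TYPES = [
    "CL_TYPE_ZIP", "CL_TYPE_RAR", "CL_TYPE_ARJ", "CL_TYPE_CAB", "CL_TYPE_7Z",
    "CL_TYPE_MAIL", "CL_TYPE_POSIX_TAR", "CL_TYPE_OLD_TAR",
    "CL_TYPE_CPIO_OLD", "CL_TYPE_CPIO_ODC", "CL_TYPE_CPIO_NEWC", "CL_TYPE_CPIO_CRC",
]
FIELDS = ["VirusName", "ContainerType", "ContainerSize", "FileNameREGEX",
          "FileSizeInContainer", "FileSizeReal", "IsEncrypted", "FilePos",
          "Res1", "Res2"]

def parse_cdb(line):
    """Split one .cdb line into named fields (assumes no ':' inside the regex)."""
    parts = line.strip().split(":")
    if not 10 <= len(parts) <= 12:
        raise ValueError(f"expected 10-12 fields, got {len(parts)}: {line!r}")
    sig = dict(zip(FIELDS, parts))
    sig["FLevel"] = parts[10:]          # optional MinFL / MaxFL, kept verbatim
    return sig

def effective_types(sig):
    """Container types the signature applies to; '*' means every type."""
    ctype = sig["ContainerType"]
    if ctype == "*":
        return list(CONTAINER_TYPES)
    if ctype not in CONTAINER_TYPES:
        raise ValueError(f"unknown ContainerType: {ctype}")
    return [ctype]

def restrict(line, wanted):
    """Rewrite a signature as one line per wanted type (names get a constructed suffix)."""
    sig = parse_cdb(line)
    allowed = effective_types(sig)
    out = []
    for ctype in wanted:
        if ctype not in allowed:
            raise ValueError(f"{ctype} is not covered by the original signature")
        fields = [sig[name] for name in FIELDS]
        fields[0] = f"{sig['VirusName']}_{ctype[len('CL_TYPE_'):]}"
        fields[1] = ctype
        out.append(":".join(fields + sig["FLevel"]))
    return out

WILDCARD_SIG = r"Archived_EXE:*:*:.*\.exe:*:*:*:*:*:*"   # signature from the quoted message

if __name__ == "__main__":
    types = effective_types(parse_cdb(WILDCARD_SIG))
    print(f"wildcard covers {len(types)} types, mail included: {'CL_TYPE_MAIL' in types}")
    for sig_line in restrict(WILDCARD_SIG, ["CL_TYPE_ZIP", "CL_TYPE_RAR", "CL_TYPE_7Z"]):
        print(sig_line)
```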