On Thu, 05 Feb 2015 14:22:08 +0100, Benny Pedersen <m...@junc.eu> wrote:
>
> so i think foxhole need to test if zip contains another zip, when
> --max-recursion=1
>
Unfortunately such checking is not possible with rules.
But it actally gave me an idea. What if there was
"ArchiveBlockTooDeep" that would mark archives that go over
recursion limit same way as encrypted archives when
"ArchiveBlockEncrypted" is set.
>
> if just end users did not press to see attachment from unknown senders,
> it would be less of a problem, and if microsoft blocks installers or exe
> files from unknown signers when users running administrator mode, it
> would make a big diffrence
>
For some reason I thought, that built in support for treating zip
files as folders in Windows had problems with recursive files. But
that does not appear to be the case. Unfortunately.
--
Virgo Pärna
virgo.pa...@mail.ee
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
