On Thu, April 23, 2015 12:03 pm, Rajesh M wrote: > i am using foxhole_all.cdb foxhole_filename.cdb foxhole_generic.cdb but > does not work > > how do i block .cab extension even if they are within zip or rar or 7z > files.
Hi Rajesh In your sample...a-to-z_moving_and_delivery.zip Using database foxhole_all.cdb: a-to-z_moving_and_delivery.zip: Sanesecurity.Foxhole.Cab_scr.UNFFICIAL FOUND Using database phish.ndb: a-to-z_moving_and_delivery.zip: Sanesecurity.Malware.24866.ExeHeur.Cab.UNOFFICIAL FOUND Looks like something isn't working at your end. If you clamscan --database=foxhole_all.cdb a-to-z_moving_and_delivery.zip does it work? If not, might need a debug output from above command Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
