Our installation of qmail-scanner (1.25) is configured to block all attachments that might carry a virus payload. Over the past few months we have seen a large uptick in the number of zip files that contained zip files that contained a virus.
I'm of two ideas for blocking in this instance:

1) Recursively unzip any files in the original zipfiles.

2) Block any sub-files that are themselves archives.

Both of these seem to cause problems of one type or another. Option 1 might encounter a crafted attack that overwrites the harmful files with benign ones in the subsequent unzip files. Option 2 might block innocent archives that contain other archive-type files.

Any suggestions?

--Matthew Blevins
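
An added example, not part of the original post and not qmail-scanner code: one way to inspect nested zips entirely in memory, so that entries with repeated names cannot overwrite one another on disk, while nesting depth stays a policy decision instead of an outright block. It is written in Python for illustration; the extension list, the depth and size limits, and the function names are assumptions.

```python
import io
import zipfile

BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed policy list
MAX_DEPTH = 3                  # assumed limit on archive nesting
MAX_MEMBER = 5 * 1024 * 1024   # assumed per-member cap, guards against zip bombs

def scan_zip(data, depth=1, prefix=""):
    """Return (path, reason) findings for a zip held in memory; nothing touches disk."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<top>", "unreadable archive")]
    findings, seen = [], set()
    for info in zf.infolist():          # every entry, including repeated names
        path = prefix + info.filename
        if info.filename in seen:
            findings.append((path, "duplicate member name"))
        seen.add(info.filename)
        if info.filename.lower().endswith(BLOCKED_EXT):
            findings.append((path, "blocked extension"))
        if info.flag_bits & 0x1:        # encrypted: contents cannot be inspected
            findings.append((path, "encrypted member"))
            continue
        try:
            body = zf.open(info).read(MAX_MEMBER + 1)  # capped read, bounded memory
        except (zipfile.BadZipFile, NotImplementedError, OSError):
            findings.append((path, "unreadable member"))
            continue
        if len(body) > MAX_MEMBER:
            findings.append((path, "member too large"))
        elif zipfile.is_zipfile(io.BytesIO(body)):     # detect by content, not by name
            if depth >= MAX_DEPTH:
                findings.append((path, "nesting too deep"))
            else:
                findings += scan_zip(body, depth + 1, path + "!/")
    return findings

def make_zip(members):
    """Build a zip in memory from (name, bytes) pairs; constructed sample data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members:
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    inner = make_zip([("invoice.scr", b"constructed placeholder bytes")])
    outer = make_zip([("readme.txt", b"hello"), ("docs.zip", inner)])
    for path, reason in scan_zip(outer):
        print(path, "->", reason)
```

Any non-empty result would be grounds to quarantine the message; an archive inside an archive is only flagged once it exceeds the depth limit or contains a blocked name.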

