At 20:19 -0400 21-07-2005, Matthew H Blevins wrote:
Salvatore,
We've seen a lot of virus payload zip files that were themselves
zipped. We used to unzip and
check them, but when the unzip contained a zipfile with a payload in
that, they were getting
through. I had to resort to blocking all zip files.
Is redundant a solution to that?
--Matthew
If redundat is enabled, qmail-scanner will pass the raw message and
all the attachment to the AV scanners, so they are scanned twice.
And if force_unzip is enables the zip files will be unzipped 'once',
the AV scanners will then scan the raw message and the attachment
unzipped (if they where zip files), the original zip file will be
deleted before running the AVs.
I'm afraid that qmail-scanner doesn't unzip recursively. I think that
the AVs will deal well with a double-zipped file, as qmail-scanner
unzip it once for them, but I don't know what will happen with a
triple-zipped file.
I haven't seen any of this double-zipped virus, maybe Jason can say a
word about this.
Regards
Salvatore
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
