On Thu, 05 Feb 2015 14:22:08 +0100, Benny Pedersen wrote:
>
> so i think foxhole needs to test if zip contains another zip, when
> --max-recursion=1
>
Unfortunately such checking is not possible with rules.
But it actually gave me an idea. What if there was
"ArchiveBlockTooDeep" that wou
On Thu, 5 Feb 2015 14:31:07 +0100, polloxx wrote:
> We use amavisd to quarantine all MS executable files, including zipped
> files.
> I asked a similar question in amavis. ML at 4/4/13. Replies from the
> members were quite helpful:
>
I am not sure, that it is possible to use amavis for chec
We use amavisd to quarantine all MS executable files, including zipped
files.
I asked a similar question in amavis. ML at 4/4/13. Replies from the
members were quite helpful:
First check if .exe extension is not commented out in
$banned_filename_re definition, then check that 'zip' is not commen
Virgo Pärna wrote on 2015-02-05 13:59:
Well, foxhole is something I never thought to Google:)
+1
Clamav does unpack archives recursively up to 16 levels (by default).
yep, it just creates another problem, zip bombs
For clamd it is set with MaxRecursion configuration value, for clamscan
w
On Thu, 05 Feb 2015 13:33:52 +0100, Benny Pedersen wrote:
>
> google foxhole clamav
>
Well, foxhole is something I never thought to Google:)
>
> my question will be what happens in clamav if scr is double packed with
> zip ?
>
Clamav does unpack archives recursively up to 16 levels (by
Virgo Pärna wrote on 2015-02-05 09:46:
Recently I have received some viruses that have scr inside zip
archive inside zip archive. And also there have been some cab's
containing exe
files.
google foxhole clamav
Since I have already blocked exe and scr files in exim mime check I
did try
On Thu, 5 Feb 2015 09:46:28 -, Steve Basford
wrote:
> On Thu, February 5, 2015 9:30 am, Virgo Pärna wrote:
>> mail content. Also, since regexes are actually case sensitive, it does not
>> match *.EXE. So there's that.
>
> (?i) will sort that case bit out...
>
I actually did not know tha
On Thu, February 5, 2015 9:30 am, Virgo Pärna wrote:
> On Thu, 5 Feb 2015 09:11:16 -, Steve Basford
> It does not match urls inside the
> mail content. Also, since regexes are actually case sensitive, it does not
> match *.EXE. So there's that.
Hi Virgo,
(?i) will sort that case bit out...
On Thu, 5 Feb 2015 09:11:16 -, Steve Basford
wrote:
>
> So, using CL_TYPE_MAIL will hit a url/filename mentioned in an email too,
> which might not be a bad thing but thought I'd mention it.
>
I did know that. But I guess it is worth mentioning. I am using those
rules in mail server, wher
On Thu, 5 Feb 2015 08:54:07 -, Steve Basford
wrote:
>
> Might be worth having a look here too...
>
> http://sanesecurity.com/foxhole-databases/
>
I will be checking it out. I did try search
clamav custom rules
clamav custom rulesets
But Google has become very bad at finding things.
> I created exe_in_archive.cdb file in clamav database directory, that
> contains:
> Archived_EXE:*:*:.*\.exe:*:*:*:*:*:*
Forgot to add that the above sig, as you are using a *wildcard*
ContainerType, means that any exe in the following types will be blocked:
ContainerType: one of CL_TYPE_ZIP,
On Thu, February 5, 2015 8:46 am, Virgo Pärna wrote:
> Recently I have received some viruses that have scr inside zip
> archive inside zip archive. And also there have been some cab's containing
> exe files.
>
Might be worth having a look here too...
http://sanesecurity.com/foxhole-databases/
Recently I have received some viruses that have scr inside zip
archive inside zip archive. And also there have been some cab's containing exe
files.
Since I have already blocked exe and scr files in exim mime check I did try
to search Google for blocking those files inside archives. And