[clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file

Vincent Fox vbfox at ucdavis.edu
Wed Apr 9 03:17:57 UTC 2014


On 4/8/2014 8:12 PM, Carl Brewer wrote:
> On 13/02/2014 8:48 PM, Sim wrote:
>> Hello!
>> In the last weeks/months the unrecognized viruses are increasing
>> exponentially
>> (not only for ClamAV but for all antivirus).
>> My idea is to "block" all EXE/SRC (also inside ZIP/RAR).
>> Executing "clamscan --debug filename" I can see:
>>
>> - LibClamAV debug: Recognized MS-EXE/DLL file
>> - Section contains executable code
>>
>> Which is the best solution/way to block all EXE/executable files?
>
> If it's on a mail server, why not use the MTA to block it?
We use the signature database Foxhole_all.
After a ransomware (Cryptolocker) outbreak unfortunately.
That covers most dangerous types inside ZIP, RAR.
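
Added example, not part of the original thread and not how ClamAV or the Foxhole database works: a content-based check that flags Windows executables inside ZIP attachments by their MZ/PE header rather than by file extension. The function names, size cap, nesting limit and sample archive are assumptions constructed for illustration; RAR is not handled because the Python standard library has no RAR reader.

```python
import io
import struct
import zipfile

MAX_MEMBER = 32 * 1024 * 1024  # assumed size cap per archive member
MAX_DEPTH = 3                  # assumed nesting limit for ZIP-in-ZIP

def is_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_executables(blob: bytes, name: str, depth: int = 0):
    """Return (path, verdict) pairs for PE files in blob, descending into ZIPs."""
    if is_pe(blob):
        return [(name, "pe")]
    hits = []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(blob)):
        return hits
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                path = f"{name}!{info.filename}"
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:      # encrypted member: cannot be inspected
                    hits.append((path, "encrypted"))
                elif info.file_size > MAX_MEMBER:
                    hits.append((path, "too-large"))
                else:
                    hits += find_executables(zf.read(info), path, depth + 1)
    except zipfile.BadZipFile:
        hits.append((name, "corrupt-zip"))
    return hits

def build_sample() -> bytes:
    """Constructed input: a ZIP with a PE header stub named .jpg and a nested ZIP."""
    stub = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.exe", stub)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("photo.jpg", stub)
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()
```

Members reported as "encrypted" or "too-large" were not inspected; whether a mail gateway rejects or quarantines them is a local policy decision.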





