[clamav-users] Custom clamav rule to block exe and scr files in archive.
Virgo Pärna
virgo.parna at mail.ee
Thu Feb 5 08:46:31 UTC 2015
Recently I have received some viruses that have scr inside zip
arhcive inside zip archive. And also there have been some cab's containing exe
files.
Since I have already blocked exe and scr files in exim mime check I did try
to search Google for blocking those files inside archives. And since I did not
have mutch success with it, I decided to post sample rules here.
I created exe_in_archive.cdb file in clamav database directory, that
contains:
Archived_EXE:*:*:.*\.exe:*:*:*:*:*:*
Archived_SCR:*:*:.*\.scr:*:*:*:*:*:*
Archived_PIF:*:*:.*\.pif:*:*:*:*:*:*
Archived_COM:*:*:.*\.com:*:*:*:*:*:*
--
Virgo Pärna
virgo.parna at mail.ee
More information about the clamav-users
mailing list