[clamav-users] Custom clamav rule to block exe and scr files in archive.

Virgo Pärna virgo.parna at mail.ee
Thu Feb 5 03:46:31 EST 2015


    Recently I have received some viruses that have scr inside zip 
arhcive inside zip archive. And also there have been some cab's containing exe 
files.

    Since I have already blocked exe and scr files in exim mime check I did try
to search Google for blocking those files inside archives. And since I did not 
have mutch success with it, I decided to post sample rules here.

    I created exe_in_archive.cdb file in clamav database directory, that 
contains:
Archived_EXE:*:*:.*\.exe:*:*:*:*:*:*
Archived_SCR:*:*:.*\.scr:*:*:*:*:*:*
Archived_PIF:*:*:.*\.pif:*:*:*:*:*:*
Archived_COM:*:*:.*\.com:*:*:*:*:*:*

-- 
Virgo Pärna 
virgo.parna at mail.ee




More information about the clamav-users mailing list