[clamav-users] Custom clamav rule to block exe and scr files in archive.
steveb_clamav at sanesecurity.com
Thu Feb 5 04:11:16 EST 2015
> I created exe_in_archive.cdb file in clamav database directory, that
For got to add that the above sig, as you are using a *wildcard*
ContainerType, means that any exe in the following types will be blocked:
ContainerType: one of CL_TYPE_ZIP, CL_TYPE_RAR, CL_TYPE_ARJ,
CL_TYPE_CAB, CL_TYPE_7Z, CL_TYPE_MAIL, CL_TYPE_(POSIX|OLD)_TAR,
So, using CL_TYPE_MAIL will hit a url/filename mentoned in an email too,
which might not be a bad thing but though I'd mention it.
Web : sanesecurity.com
More information about the clamav-users