[clamav-users] Custom clamav rule to block exe and scr files in archive.

Benny Pedersen me at junc.eu
Thu Feb 5 07:33:52 EST 2015


Virgo Pärna wrote on 2015-02-05 09:46:
> Recently I have received some viruses that have scr inside zip
> archive inside zip archive. And also there have been some cabs
> containing exe files.

google foxhole clamav

> Since I have already blocked exe and scr files in exim mime check I did try
> to search Google for blocking those files inside archives. And since I did not
> have much success with it, I decided to post sample rules here.

this is a foxhole rule snippet :=)

my question will be what happens in clamav if scr is double packed with zip?

so the first unzip will be another zip file, that contains the scr file, 
hopefully foxhole rules do test it or clamav unpack all


