[clamav-users] Custom clamav rule to block exe and scr files in archive.
Benny Pedersen
me at junc.eu
Thu Feb 5 12:33:52 UTC 2015
Virgo Pärna skrev den 2015-02-05 09:46:
> Recently I have received some viruses that have scr inside zip
> arhcive inside zip archive. And also there have been some cab's
> containing exe
> files.
google foxhole clamav
> Since I have already blocked exe and scr files in exim mime check I
> did try
> to search Google for blocking those files inside archives. And since I
> did not
> have mutch success with it, I decided to post sample rules here.
this is a foxhole rule snippet :=)
my question will be what happen in clamav if scr is double packed with
zip ?
so the first unzip will be another zip file, that contains the scr file,
hopefully foxhole rules do test it or clamav unpack all
More information about the clamav-users
mailing list