[clamav-users] Custom clamav rule to block exe and scr files in archive.
Virgo Pärna
virgo.parna at mail.ee
Thu Feb 5 12:59:14 UTC 2015
On Thu, 05 Feb 2015 13:33:52 +0100, Benny Pedersen <me at junc.eu> wrote:
>
> google foxhole clamav
>
Well, foxhole is something I never thought to Google:)
>
> my question will be what happen in clamav if scr is double packed with
> zip ?
>
Clamav does unpack archives recursively up to 16 levels (by default).
For clamd it is set with MaxRecursion configuration value, for clamscan
with --max-recursion=N command line switch. So that rule matches still.
And I do doubt, that such viruses are hidden deeper. I would at
least think, that odds of users accidentally executing such file would
decrease with deeper nesting.
--
Virgo Pärna
virgo.parna at mail.ee
More information about the clamav-users
mailing list