[clamav-users] Custom clamav rule to block exe and scr files in archive.

Virgo Pärna virgo.parna at mail.ee
Thu Feb 5 07:59:14 EST 2015


On Thu, 05 Feb 2015 13:33:52 +0100, Benny Pedersen <me at junc.eu> wrote:
>
> google foxhole clamav
>

    Well, foxhole is something I never thought to Google:)

>
> my question will be what happen in clamav if scr is double packed with 
> zip ?
>

    Clamav does unpack archives recursively up to 16 levels (by default). 
For clamd it is set with MaxRecursion configuration value, for clamscan 
with  --max-recursion=N command line switch. So that rule matches still.
    And I do doubt, that such viruses are hidden deeper. I would at 
least think, that odds of users accidentally executing such file would
decrease with deeper nesting. 

-- 
Virgo Pärna 
virgo.parna at mail.ee




More information about the clamav-users mailing list