[clamav-users] Custom clamav rule to block exe and scr files in archive.
me at junc.eu
Thu Feb 5 08:22:08 EST 2015
Virgo Pärna skrev den 2015-02-05 13:59:
> Well, foxhole is something I never thought to Google:)
> Clamav does unpack archives recursively up to 16 levels (by default).
yep, it just create another problem, zip bomps
> For clamd it is set with MaxRecursion configuration value, for clamscan
> with --max-recursion=N command line switch. So that rule matches
unless the scr is nasted 17 times in zip
so i think foxhole need to test if zip contains another zip, when
> And I do doubt, that such viruses are hidden deeper. I would at
> least think, that odds of users accidentally executing such file would
> decrease with deeper nesting.
if just end users did not press to see attachment from unknown senders,
it would be less of a problem, and if microsoft blocks installers or exe
files from unknown signers when users running administrator mode, it
would make a big diffrence
i try to defend developpers to not create clamav as a elf installer :=)
there is lots of such badnees already
More information about the clamav-users