[clamav-users] Custom clamav rule to block exe and scr files in archive.

Virgo Pärna virgo.parna at mail.ee
Thu Feb 5 09:15:06 EST 2015


On Thu, 05 Feb 2015 14:22:08 +0100, Benny Pedersen <me at junc.eu> wrote:
>
> so i think foxhole need to test if zip contains another zip, when 
> --max-recursion=1
>

    Unfortunately such checking is not possible with rules.

    But it actally gave me an idea. What if there was 
"ArchiveBlockTooDeep" that would mark archives that go over 
recursion limit same way as encrypted archives when 
"ArchiveBlockEncrypted" is set. 

>
> if just end users did not press to see attachment from unknown senders, 
> it would be less of a problem, and if microsoft blocks installers or exe 
> files from unknown signers when users running administrator mode, it 
> would make a big diffrence
>

    For some reason I thought, that built in support for treating zip 
files as folders in Windows had problems with recursive files. But 
that does not appear to be the case. Unfortunately.

-- 
Virgo Pärna 
virgo.parna at mail.ee




More information about the clamav-users mailing list