[clamav-users] Question on attachments

Steve basford steveb_clamav at sanesecurity.com
Mon Dec 12 17:45:34 UTC 2016


Hi Tom,

.ftm files contain magic headers of various formats.

cat daily.ftm
cat sanesecurity.ftm

The engine then unpacks if it's a zip etc and the unpacked exists. That's 
why your example filename still unpacks.

You can also use .ftm to skip file formats from scanning.

I'm mobile at the moment ...so sorry if this is a bit vague.

Cheers,

Steve
Twitter: @sanesecurity



On 12 December 2016 16:44:17 TR Shaw <tshaw at oitc.com> wrote:

> How does ClamAV decide to unpack an attachment?
>
> In particular this is in reference to the recent Locky attachments that are 
> zips but have the attachment extension “dip”
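The content-based decision described in the reply above, as an added example that is not part of the original message and is not ClamAV's own code. It assumes the colon-separated record layout magictype:offset:magicbytes:name:rtype:type, uses constructed sample records rather than the real contents of daily.ftm, and all function names are hypothetical.

```python
import io
import zipfile

# Constructed records (not copied from daily.ftm), assumed layout:
# magictype:offset:magicbytes:name:rtype:type
SAMPLE_FTM = """\
0:0:504b0304:ZIP:CL_TYPE_ANY:CL_TYPE_ZIP
0:0:526172211a07:RAR:CL_TYPE_ANY:CL_TYPE_RAR
0:0:25504446:PDF:CL_TYPE_ANY:CL_TYPE_PDF
"""

def parse_ftm(text):
    """Return (offset, magic, type) for direct-comparison (magictype 0) records."""
    rules = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 6 or fields[0] != "0":
            continue  # blank line or a record kind this sketch does not handle
        rules.append((int(fields[1]), bytes.fromhex(fields[2]), fields[5]))
    return rules

def detect_type(data, rules):
    """Classify a buffer by its leading bytes only."""
    for offset, magic, ftype in rules:
        if data[offset:offset + len(magic)] == magic:
            return ftype
    return "UNKNOWN"

def list_zip_members(data):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()

# Only types with an unpacker here get opened; RAR and PDF have none in this sketch.
UNPACKERS = {"CL_TYPE_ZIP": list_zip_members}

def inspect_attachment(filename, data, rules):
    """filename is accepted but deliberately never consulted."""
    ftype = detect_type(data, rules)
    unpack = UNPACKERS.get(ftype)
    return ftype, (unpack(data) if unpack else [])

def make_sample_zip():
    """Constructed ZIP holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample\n")
    return buf.getvalue()

if __name__ == "__main__":
    rules = parse_ftm(SAMPLE_FTM)
    print(inspect_attachment("scan_0012.dip", make_sample_zip(), rules))
    print(inspect_attachment("notes.zip", b"plain text, not an archive", rules))
```

A mail filter that blocks or passes attachments by extension alone would treat these two samples the opposite way from a content-based scanner, which is why the renamed ZIP still gets unpacked.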
