[clamav-users] Whitelisting extensions for virus scan
Tilman Schmidt
tschmidt at cardtech.de
Tue Oct 30 12:46:21 UTC 2018
Am 29.10.18 um 17:33 schrieb Kris Deugau:
> Tilman Schmidt wrote:
>> Am 26.10.18 um 15:34 schrieb Johnny Time:
>>> For exemple, we wanted to authorize only a white list which contains
>>> *.doc,*.xls,*.pdf and ban the others extensions.
>>
>> Surely you meant to write "*.docx,*.xlsx,*.pdf"?
>> *.doc and *.xls are the old, malware-prone MS-Office filetypes.
>> You don't want to let those pass, at least not without rigorous
>> examination.
>
> In my experience, the new ones aren't any better.
The "*m" ones (with macros) certainly aren't, but the "*x" ones (without
macros) have so far never caused any trouble at our site.
So we put mails with *.doc, *.xls, *.docm and *.xlsm attachments in
quarantine, only releasing them upon request after manual inspection,
but let *.docx and *.xlsx pass if the ClamAV scan turns up clean.
T.
More information about the clamav-users
mailing list