blocking encrypted zips?
michael.scheidell at secnap.com
Tue May 17 20:32:35 CEST 2011
On 5/17/11 2:05 PM, Andreas Schulze wrote:
>> What is the best way to do it? I think I can have clamav do it, or
>> amavisd do it, right?
> Yes, you can use both.
> As far as I know, amavisd can detect everything that clamav can also detect.
> But keep in mind that the next clamav release will improve the handling of encrypted PDF.
Hint as to how to do it in amavisd-new with policy-based SQL?
Test file is a password-protected (-e) zip with a jpg in it.
I got for @. (id1), policy=101
For policy 101, I have banned_rulenames: NO-ENCRYPT,NO-EXE
%banned_rules = (
  'NO-EXE' => new_RE(
  'NO-ENCRYPT' => new_RE( qr'.\.(UNDECIPHERABLE)$'i, ),
  'DEFAULT' => new_RE( [ qr'.*' => 0 ]),
amavisd does know it's protected; the subject line gets changed to ***
Michael Scheidell, CTO
SECNAP Network Security Corporation
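Added example, not part of the original post and not amavisd or ClamAV code: a sketch of how a content filter can recognise a password-protected zip member like the test file described above, by reading the encryption bit in the zip headers. The sample archive is constructed in memory, and the helper names and the verdict strings are assumptions (UNDECIPHERABLE only mirrors the label used in the rule above).

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001  # general-purpose flag bit 0: member data is encrypted


def build_sample_zip(encrypted):
    """Constructed sample: a one-member zip, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0 constructed test bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        # The flag field sits at offset 6 in the local file header and at
        # offset 8 in the central directory header; set bit 0 in both.
        local = data.find(b"PK\x03\x04")
        central = data.find(b"PK\x01\x02")
        for off in (local + 6, central + 8):
            (flags,) = struct.unpack_from("<H", data, off)
            struct.pack_into("<H", data, off, flags | ENCRYPTED_FLAG)
    return bytes(data)


def encrypted_members(zip_bytes):
    """Names of members whose content cannot be inspected without a password.

    Member names stay readable because traditional zip encryption protects
    only the file data, not the central directory.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [zi.filename for zi in zf.infolist()
                if zi.flag_bits & ENCRYPTED_FLAG]


def verdict(zip_bytes):
    """Hypothetical filter decision for one attachment."""
    try:
        return "UNDECIPHERABLE" if encrypted_members(zip_bytes) else "INSPECTABLE"
    except zipfile.BadZipFile:
        return "UNPARSEABLE"


if __name__ == "__main__":
    for label, blob in (("plain", build_sample_zip(False)),
                        ("protected", build_sample_zip(True)),
                        ("garbage", b"not a zip")):
        print(label, verdict(blob))
```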