blocking encrypted zips?

Michael Scheidell michael.scheidell at
Tue May 17 20:32:35 CEST 2011

On 5/17/11 2:05 PM, Andreas Schulze wrote:
> Michael,
>> what is best way to do it? I think I can have clamav do it, or
>> amavisd-do it, right?
> yes you can use both.
> as far as I know, amavisd can detect all what clamav also can detect.
> but keep in mind that the next clamav release will improve the handling of encrypted pdf.
> Andreas
hint as to how to do it in amavisd-new with policy based sql?

test file is a password protected (-e) zip with a jpg in it.

I got for @. (id1), policy=101
for policy 101, I have   banned_rulenames: NO-ENCRYPT,NO-EXE

in amavisd.conf

%banned_rules = (
''NO-EXE' => new_RE( 
'NO-ENCRYPT' => new_RE( qr'.\.(UNDECIPHERABLE)$'i, ),
'DEFAULT' => new_RE( [ qr'.*' => 0 ]),

amavisd does know its protected, the subject line gets changed to *** 

Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
 >*| *SECNAP Network Security Corporation

    * Best Intrusion Prevention Product, Networks Product Guide
    * Certified SNORT Integrator
    * Hot Company Award, World Executive Alliance
    * Best in Email Security, 2010 Network Products Guide
    * King of Spam Filters, SC Magazine

This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the amavis-users mailing list