Forwarded mails are not scanned
Benny Pedersen
me at junc.eu
Wed Mar 11 21:34:26 CET 2015
Thomas M Steenholdt wrote on 2015-03-11 20:17:
> Having only just heard of foxhole signatures it looks like ClamAV will
> to check for various filetypes within certain archives. Is that
> correct?
yes, it unpacks all possible archives, and then tries to match file types
after unpack, that's why I think you can use it with amavisd, possibly
map signatures in clamav to spam score in amavisd so it is just detection,
but imho this part is not needed to mangle since it is fair detection,
send an exe and it will not be blocked in foxhole, but send an exe packed
in zip will
> Do you have a reference page on the topic you can recommend?
http://sanesecurity.com/foxhole-databases/
> I'm not entirely sold on the idea, that I would need to fire up an AV
> scanner to block attachments in an attached mail. I mean, Amavis has the
> code loaded to handle the "outer" mail already. It should be able to use
> the exact same code to handle the "inner" mail as well?
yes, but it does imho not do it recursively, which is why I say foxhole :=)
> In case I wasn't clear, I want banned files inside the attached
> mail-file to be banned exactly as if they had been attached directly to
> the "outer" mail.
yep this can be done with clamav+foxhole+amavisd where you map clamav
signatures to spam score, amavisd can't imho unpack and match recursively
enough to make the same hits possible, but this depends on file(util)
and how unpack and scanning is configured in amavisd
remember amavisd is not a virus scanner, it's a nice interface for virus /
spam scanners
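
Added illustration, not part of the original message and not amavisd or ClamAV code: a Python sketch of the gap discussed in this thread, where a check of the outer mail's direct attachments misses a banned file inside a forwarded (message/rfc822) mail, while a recursive walk finds it. The ban list, function names and sample mail are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BANNED_EXT = (".exe", ".scr", ".com", ".bat")  # assumed ban list for the example

def build_sample() -> bytes:
    """Constructed sample: an outer mail forwarding an inner mail with an .exe."""
    inner = EmailMessage()
    inner["Subject"] = "invoice"
    inner.set_content("see attachment")
    inner.add_attachment(b"MZ\x90\x00", maintype="application",
                         subtype="octet-stream", filename="invoice.exe")
    outer = EmailMessage()
    outer["Subject"] = "Fwd: invoice"
    outer.set_content("forwarded message attached")
    outer.add_attachment(inner)  # stored as a message/rfc822 part
    return outer.as_bytes()

def parse_sample():
    return message_from_bytes(build_sample(), policy=policy.default)

def is_banned(part) -> bool:
    return (part.get_filename() or "").lower().endswith(BANNED_EXT)

def find_banned_shallow(msg):
    """Checks only the outer mail's direct parts; misses forwarded mail."""
    parts = msg.get_payload() if msg.is_multipart() else [msg]
    return [p.get_filename() for p in parts if is_banned(p)]

def find_banned(msg, depth=0):
    """Return (mail nesting depth, filename) for banned parts at any level."""
    hits = [(depth, msg.get_filename())] if is_banned(msg) else []
    if msg.is_multipart():
        # A message/rfc822 part holds one embedded mail: one level deeper.
        step = 1 if msg.get_content_type() == "message/rfc822" else 0
        for part in msg.get_payload():
            hits += find_banned(part, depth + step)
    return hits

if __name__ == "__main__":
    mail = parse_sample()
    print("shallow:", find_banned_shallow(mail))
    print("recursive:", find_banned(mail))
```
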