keep original filenames from zip file for virus scanning?
Marius Gologan
marius.gologan at gmail.com
Wed May 31 16:23:12 CEST 2017
Did you try to "retain full original message for virus checking" using this below in your amavis @keep_decoded_original_maps ?
qr'^MAIL$'
Marius
On Wed, May 31, 2017 at 4:48 PM +0300, "Gerben Roest" <g.roest at grepit.nl> wrote:
Hello,
I noticed that a javascript trojan slipped through because amavis
extracted the virus from the zip file to something like:
/var/lib/amavis/tmp/amavis-20170522T095840-15377-v7RlAZkS/parts/p005
and my virus scanner "esets_cli" didn't recognize that as a virus. I
noticed that esets_cli needs the .js extension (or .bat or something) to
recognize it.
ESET doesn't have a mode or flag to disregard any extensions, so my hope
is that I can tell amavis not to extract to p005 but to 15364.js for
instance. Is that possible?
Thanks,
Gerben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20170531/46cfc3a8/attachment.html>
More information about the amavis-users
mailing list