Better antivirus (AV) protection?

Tue Apr 5 23:20:19 CEST 2022

On 5/4/2022 11:06 μ.μ., Bastian Blank wrote:
> This is no 7z file, the same as was already reported here.

Exactly. However the problem was solved, as you may see in the last 
mails of the thread, by installing unrar on the OS.

The malicious sender, as was mentioned earlier, tries to confuse 
scanners by deliberately using a wrong extension, to push the attachment 
without scanning.

Amavis identifies correctly the type of the compressed archive and uses 
the right decoder (if available).

The real problem, in the end, is that the virus is not detected in the 
infected file by ClamAV (after archive decoding). Is it effective and 
efficient to use two mail scanners back-to-back?

> I would just ban rar files outright.

I would hesitate to drop RAR, as it is a compression format we respect 
and use and the fact that some malicious parties use it is no sufficient 
reason for dropping it, I think.

My 2c.

Best regards,
Nick