Thread: AW: AW: Allowing exe files in zip format




AW: AW: Allowing exe files in zip format
user name
2006-04-01 16:08:59
MD wrote:
> But as I see now, if I add:
> $banned_filename_re = new_RE(
> ...
>  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
>  [ qr'^\.(gz)$'=> 0],   # allow gzipped
>  [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives
>  [ qr'^\.(smp)$'=> 0 ], # allow Supermailer file

> not only forbidden exefiles (within banned_filename_re) are passed, but
> also complete virus check is being passed?!

Banning (or allowing certain files to pass through banned checks) does not
affect virus scanning.

http://www.ijs.si/software/amavisd/amavisd-new-docs.html#actions

Gary V



_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
AW: AW: AW: Allowing exe files in zip format
user name
2006-04-03 11:18:23
Strange:

> > But as I see now, if I add:
> > $banned_filename_re = new_RE(
> > ...
> >  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
> >  [ qr'^\.(gz)$'=> 0],   # allow gzipped
> >  [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives
> >  [ qr'^\.(smp)$'=> 0 ], # allow Supermailer file
>
> > not only forbidden exefiles (within banned_filename_re) are passed,
> > but also complete virus check is being passed?!
>
> Banning (or allowing certain files to pass through banned checks) does
> not affect virus scanning.

Before activating the banned_re as described below, an eicar.zip has been
detected as a virus properly (OK, due to BANNED NAME). Now after the
activation of the banned_re, eicar.zip passes with no warning. Sure, an
eicar.com is being removed due to banned_re (.com).

But also if I send a VIRUS file with changed extension:
The message WILL NOT BE delivered to:
Scanner detecting a virus: Clam Antivirus-clamd
...
   550 5.7.1 Message content rejected, id=23377-09 - VIRUS: Trojan.PSW.Snitch.11
...
Virus scanner output:
  /var/lib/amavis/amavis-20060403T123355-23377/parts/part-00002: Trojan.PSW.Snitch.11 FOUND

And if I do a zip of this file and send it, it isn't being detected
anymore.

What's wrong here?!

Miro Dietiker

+-------------------------------+  +-------------------------------+
| Miro Dietiker                 |  | MD Systems Miro Dietiker      |
+-------------------------------+  +-------------------------------+



