Loading ...
Sorry, an error occurred while loading the content.

How to block incoming emails with ZIP attachments containing EXE

Expand Messages
  • Andreas Freyvogel
    Hi All, I m not sure if this is the correct group to ask so apologies if it s not. I wanted to ask if anyone has a good way of sending emails that have ZIP
    Message 1 of 3 , Apr 19, 2013
    • 0 Attachment
      Hi All,

      I'm not sure if this is the correct group to ask so apologies if it's not.

      I wanted to ask if anyone has a good way of sending emails that have ZIP
      attachments that contain EXE files to QUARANTINE. I am using POSTFIX sending
      to PROCMAIL and CLAMAV. I've looked into procmail recipies and clamav
      options but nothing seems to work well for me.

      Thank you in advance for any assistance.

      Regards,
      -Andreas

      Andreas Freyvogel
      ecmarket
      Customer Solutions Manager
      E: afreyvogel@...
      P: 604.638.2300 x147
      C: 604.603.3319
    • Simon Brereton
      ... sending ... You need a content filter like amavisd Simon
      Message 2 of 3 , Apr 19, 2013
      • 0 Attachment


        On 19 Apr 2013 18:47, "Andreas Freyvogel" <afreyvogel@...> wrote:
        >
        > Hi All,
        >
        > I'm not sure if this is the correct group to ask so apologies if it's not.
        >
        > I wanted to ask if anyone has a good way of sending emails that have ZIP
        > attachments that contain EXE files to QUARANTINE. I am using POSTFIX sending
        > to PROCMAIL and CLAMAV. I've looked into procmail recipies and clamav
        > options but nothing seems to work well for me.
        >
        > Thank you in advance for any assistance.

        You need a content filter like amavisd

        Simon

      • Noel Jones
        ... The Sanesecurity addon signatures for clamav has some specific signatures to detect executable files inside a zip. If you re using clamav in your procmail
        Message 3 of 3 , Apr 19, 2013
        • 0 Attachment
          On 4/19/2013 11:46 AM, Andreas Freyvogel wrote:
          > Hi All,
          >
          > I'm not sure if this is the correct group to ask so apologies if it's not.
          >
          > I wanted to ask if anyone has a good way of sending emails that have ZIP
          > attachments that contain EXE files to QUARANTINE. I am using POSTFIX sending
          > to PROCMAIL and CLAMAV. I've looked into procmail recipies and clamav
          > options but nothing seems to work well for me.
          >

          The Sanesecurity addon signatures for clamav has some specific
          signatures to detect executable files inside a zip.

          If you're using clamav in your procmail recipe, you can redirect
          infected mail to a specific mailbox or discard it.

          If you use the clamav-milter with postfix, it can put infected mail
          in the postfix hold queue.

          If you use amavisd-new for the clamav interface, you can save the
          mail in a quarantine.

          http://sanesecurity.com/
          http://sanesecurity.com/foxhole-databases/



          -- Noel Jones
        Your message has been successfully submitted and would be delivered to recipients shortly.