Loading ...
Sorry, an error occurred while loading the content.
 

Re: How to block incoming emails with ZIP attachments containing EXE

Expand Messages
  • Simon Brereton
    ... sending ... You need a content filter like amavisd Simon
    Message 1 of 3 , Apr 19, 2013


      On 19 Apr 2013 18:47, "Andreas Freyvogel" <afreyvogel@...> wrote:
      >
      > Hi All,
      >
      > I'm not sure if this is the correct group to ask so apologies if it's not.
      >
      > I wanted to ask if anyone has a good way of sending emails that have ZIP
      > attachments that contain EXE files to QUARANTINE. I am using POSTFIX sending
      > to PROCMAIL and CLAMAV. I've looked into procmail recipies and clamav
      > options but nothing seems to work well for me.
      >
      > Thank you in advance for any assistance.

      You need a content filter like amavisd

      Simon

    • Noel Jones
      ... The Sanesecurity addon signatures for clamav has some specific signatures to detect executable files inside a zip. If you re using clamav in your procmail
      Message 2 of 3 , Apr 19, 2013
        On 4/19/2013 11:46 AM, Andreas Freyvogel wrote:
        > Hi All,
        >
        > I'm not sure if this is the correct group to ask so apologies if it's not.
        >
        > I wanted to ask if anyone has a good way of sending emails that have ZIP
        > attachments that contain EXE files to QUARANTINE. I am using POSTFIX sending
        > to PROCMAIL and CLAMAV. I've looked into procmail recipies and clamav
        > options but nothing seems to work well for me.
        >

        The Sanesecurity addon signatures for clamav has some specific
        signatures to detect executable files inside a zip.

        If you're using clamav in your procmail recipe, you can redirect
        infected mail to a specific mailbox or discard it.

        If you use the clamav-milter with postfix, it can put infected mail
        in the postfix hold queue.

        If you use amavisd-new for the clamav interface, you can save the
        mail in a quarantine.

        http://sanesecurity.com/
        http://sanesecurity.com/foxhole-databases/



        -- Noel Jones
      Your message has been successfully submitted and would be delivered to recipients shortly.