Loading ...
Sorry, an error occurred while loading the content.

Re: How to block incoming emails with ZIP attachments containing EXE

Expand Messages
  • Noel Jones
    ... The Sanesecurity addon signatures for clamav has some specific signatures to detect executable files inside a zip. If you re using clamav in your procmail
    Message 1 of 3 , Apr 19, 2013
    • 0 Attachment
      On 4/19/2013 11:46 AM, Andreas Freyvogel wrote:
      > Hi All,
      >
      > I'm not sure if this is the correct group to ask so apologies if it's not.
      >
      > I wanted to ask if anyone has a good way of sending emails that have ZIP
      > attachments that contain EXE files to QUARANTINE. I am using POSTFIX sending
      > to PROCMAIL and CLAMAV. I've looked into procmail recipies and clamav
      > options but nothing seems to work well for me.
      >

      The Sanesecurity addon signatures for clamav has some specific
      signatures to detect executable files inside a zip.

      If you're using clamav in your procmail recipe, you can redirect
      infected mail to a specific mailbox or discard it.

      If you use the clamav-milter with postfix, it can put infected mail
      in the postfix hold queue.

      If you use amavisd-new for the clamav interface, you can save the
      mail in a quarantine.

      http://sanesecurity.com/
      http://sanesecurity.com/foxhole-databases/



      -- Noel Jones
    Your message has been successfully submitted and would be delivered to recipients shortly.