Sorry if this has been discussed recently; getting over 2000 messages a
week, it's hard to stay on top of the mailing lists constantly. I am
searching the archives now for any solutions, none so far. Here's what we
are seeing: a virus in a zipped file that is password protected. My
settings:
    av_scanner = cmdline: /usr/local/bin/sweep -all -archive -ss %s:\
                 found:'(.+)'
And in the ACL for content checking:
    deny message = This message contains a MIME error ($demime_reason)
         demime = *
         condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    deny message = This message contains an unwanted file extension ($found_extension)
         demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:\
                  hlp:hta:inf:ins:isp:jse?:lnk:mdb:mde:msc:msi:msp:mst:\
                  pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wdf:wsh:wsc

    deny message = This message contains malware ($malware_name)
         demime = *
         malware = *
Just wondering if there's something I've missed..
Not sure if this will help but I changed my scanner line to:
    av_scanner=cmdline: /usr/local/bin/sweep -all -archive -mime -tnef -ss %s:\
               found:'(.+)'