Author: Rossz Vamos-Wentworth Date: To: Exim-users Subject: Re: [Exim] Encrypted Viruii
Ron McKeating wrote: > We are seeing more of these emails with an encrypted zip file containing
> a virus with the password in the text. You would have to be a very
> stupid user to fall for this, but are we the only site to have one or
> two very stupid users...?
I'm using Exiscan-ACL and reject the more dangerous file types such as
exe and pif. My reject message specifically says to archive those types
up. I won't reject simply because a zip is password protected since
that could be legitimate.
Normally, I use ClamAV to scan all archives before passing them along.
Since that may not be possible (and I admit, I never even considered
password protected archives before), I'd like to simply change the
subect. e.g. "Here's the spreadsheet" becomes "[UNSCANNED] Here's the
spreadsheet".
How would I detect a passworded archive with Exiscan-ACL? I figure I'd
set something like "X-Scanned: No" in the header and use a system filter
to make the subject change.