Re: [Exim] Encrypted Viruii

Top Page
This message is part of the following thread:
M-+-+--\the complete thread tree sorted by date
M.M\M\.MDerrick at <-
MMMMMMMDennis Davis at ->
Delete this message
Reply to this message
Author: Rossz Vamos-Wentworth
Date:  
To: Exim-users
Subject: Re: [Exim] Encrypted Viruii
Ron McKeating wrote:
> We are seeing more of these emails with an encrypted zip file containing
> a virus with the password in the text. You would have to be a very
> stupid user to fall for this, but are we the only site to have one or
> two very stupid users...?

I'm using Exiscan-ACL and reject the more dangerous file types such as
exe and pif. My reject message specifically says to archive those types
up. I won't reject simply because a zip is password protected since
that could be legitimate.

Normally, I use ClamAV to scan all archives before passing them along.
Since that may not be possible (and I admit, I never even considered
password protected archives before), I'd like to simply change the
subect. e.g. "Here's the spreadsheet" becomes "[UNSCANNED] Here's the
spreadsheet".

How would I detect a passworded archive with Exiscan-ACL? I figure I'd
set something like "X-Scanned: No" in the header and use a system filter
to make the subject change.

--
Rossz


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Exiscan and Clam AntiVirus[Exim] SpamAssassin + Exim Question->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)