Re: [Exim] Encrypted Viruii

Author: Rossz Vamos-Wentworth
Date:  
To: Exim-users
Subject: Re: [Exim] Encrypted Viruii
Ron McKeating wrote:
> We are seeing more of these emails with an encrypted zip file containing
> a virus with the password in the text. You would have to be a very
> stupid user to fall for this, but are we the only site to have one or
> two very stupid users...?


I'm using Exiscan-ACL and reject the more dangerous file types such as
exe and pif. My reject message specifically says to archive those types
up. I won't reject simply because a zip is password protected since
that could be legitimate.

Normally, I use ClamAV to scan all archives before passing them along.
Since that may not be possible (and I admit, I never even considered
password protected archives before), I'd like to simply change the
subject. e.g. "Here's the spreadsheet" becomes "[UNSCANNED] Here's the
spreadsheet".

How would I detect a passworded archive with Exiscan-ACL? I figure I'd
set something like "X-Scanned: No" in the header and use a system filter
to make the subject change.

--
Rossz
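
The check asked about above, as an added example that is not part of the original post and is not Exiscan-ACL configuration: a stand-alone Python sketch that reads each ZIP attachment's central directory, treats general-purpose flag bit 0 (member encrypted) as "could not be scanned", and applies the `X-Scanned: No` header and `[UNSCANNED]` subject prefix the post describes. The function names, addresses and the sample message are constructed for illustration.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: this member is encrypted

def zip_has_encrypted_member(data: bytes) -> bool:
    """True if data is a ZIP whose central directory marks any member encrypted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & ENCRYPTED for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a ZIP, or too damaged to list; leave it to the scanner

def tag_if_unscannable(raw: bytes) -> EmailMessage:
    """Add 'X-Scanned: No' and prefix the subject if an attachment is a passworded ZIP."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        if zip_has_encrypted_member(part.get_payload(decode=True) or b""):
            msg["X-Scanned"] = "No"
            subject = msg["Subject"] or ""
            del msg["Subject"]
            msg["Subject"] = "[UNSCANNED] " + subject
            break
    return msg

def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-file ZIP attached to a message, optionally flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("sheet.txt", (2004, 1, 1, 0, 0, 0)), "constructed data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at offset 6 in the local header and offset 8 in the central directory entry.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.index(sig) + off
            struct.pack_into("<H", data, pos, struct.unpack_from("<H", data, pos)[0] | ENCRYPTED)
    msg = EmailMessage()
    msg["Subject"] = "Here's the spreadsheet"
    msg["From"], msg["To"] = "a@example.test", "b@example.test"
    msg.set_content("see attached")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="sheet.zip")
    return msg.as_bytes()
```

This covers only the ZIP per-member encryption flag; other archive formats, and ZIPs nested inside an unencrypted archive, need their own checks.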