[Exim] Re: [exiscanusers] Zip virus protected by password

Góra strony
Delete this message
Reply to this message
Autor: Vergottini.Neil
Data:  
Dla: R.B. (Rick)
CC: exim-users, exiscanusers@duncanthrax.net
Temat: [Exim] Re: [exiscanusers] Zip virus protected by password
This is a multipart message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Here's what I'm using with uvscan to reject password protected zip files:

av_scanner = cmdline:/usr/local/bin/uvscan --noboot -r --unzip --mime %s:\
             Found|password-protected:(?::Found |Found:: |is
)(password-protected|.+)


This will return "password-protected" in $malware_name instead of a virus
name.

Neil




"R.B. (Rick)" <black.hawk@???>
03/05/2004 06:14 AM

To
"exiscanusers@???" <exiscanusers@???>,
exim-users@???
cc

Subject
[exiscanusers] Zip virus protected by password






Hi all,
i'm using exim 4.30 with exiscan and uvscan antivirus. Now...i'm
receiving a lot of viruses with zip protected by password... exiscan
grep uvscan output for Found string and so this zip password protected
aren't scanned.

Unfortunately i see that ?$ is always 0 in case of good attachment and
in case of password protected zip.

We would like to reject password protected zip...maybe grepping
'password protected' too...

any ideas?

Thanks

Riccardo




--