Autor: Adam D. Barratt Data: Dla: Exim users mailing list Temat: Re: [Exim] Regex for catching RAR flavour of Bagle/beagle
On Friday, March 19, 2004 12:58 PM, Bruce Richardson <itsbruce@???>
wrote:
> On Fri, Mar 19, 2004 at 01:40:46PM +0100, Marcin Owsiany wrote:
>> Might be useful for someone... [...] > The exiscan patch plus a decent av scanner (e.g. clamav) are both more
> reliable and considerably less work than this method, imho. Less
> likely to give false positives, also.
We use a combination approach:
1) Log anything that looks like a password-encrypted zip / rar
2) Pass them through clamav via exiscan-acl (with databases updated every
two hours)
3) Freeze anything that clamav claims is clean, for further inspection
Of the half-dozen that have so far made it to step three, all have turned
out to contain a variant of Bagle.