Re: [Exim] exiscan and pif in zip

Pàgina inicial
Delete this message
Reply to this message
Autor: Odhiambo G. Washington
Data:  
A: exim-users
CC: Rory Campbell-Lange
Assumpte: Re: [Exim] exiscan and pif in zip
* Rory Campbell-Lange <rory@???> [20040324 21:40]: wrote:
> exim4-heavy on Debian testing
> Contains exiscan-acl patch revision 14 (c)
>
> I'm concerned that we are getting a number of pif and scr files within
> zip file archives. We allow zip files through exiscan.
>
> I've looked at the file inside the zip file (often called something like
> document.txt\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ .pif) and scanned it with
> clamscan, which doesn't report it as having a virus payload. Is it not
> one of the new activex worms?
>
> Any advice or pointers to past threads much appreciated.


I should think that files in an archive should not pose an immediate
threat, but if they have a harmful payload, then yes.
However, if you check the list archives, you will find several
discussions about executables concealed inside zip (and even rar)
archives. Use one of those solutions.
As a side note, clamd does catch these stuff, but I think that
capability is in the CVS versions (or maybe in code never that the
0.68 version).



        cheers
       - wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington                     . WANANCHI ONLINE LTD (Nairobi, KE)  |
<wash at wananchi dot com>              . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223                 . # 10286, 00100 NAIROBI             |
GSM: (+254) 733 744 121                 . (+254) 020 313 985 - 9             |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
                         --from a /. post