On 2015-03-11 14:54, Benny Pedersen wrote: > Thomas M Steenholdt skrev den 2015-03-11 18:38: > >>> if its blocked where is the problem then ? >> What I meant was; Files that should otherwise have been blocked, are let >> through. > > so far so good > >> Let me try to get a log snippet... > > +1 > >>> first step if possible try foxhole signatures in clamav, did that >>> solve it ? >> ClamAV should not be involved in blocking filetypes, right? > > i did not say block, but only detect, then amavisd-new can make better > desision later > >>> you say forwarded, is it forwarded localy or remote forwarded ? >> Forwarded in the MUA. E.g. thunderbird, right click e-mail and forward >> as attachment. Results in a new e-mail, with an .eml file attached. This >> .eml file is a complete mail including .zip, .exe, .scr, .whatnot. >> >> ClamAV actually scans the .eml file and finds infected files. Problem is >> when a new outbreak occur, stuff like .scr and .exe files are let >> through this way (before ClamAV's signature detects it's infected). > > thats why i say foxhole signature > >>> is the malware detected if you ripmime emails that contains it ? > >> In that case, the individual attachments (inside the .eml attchment) is >> found just fine. The problem is with the .eml file not being processed >> properly. > > yes this is a feature of amavisd-new not a problem in clamav with > foxhole sigs Having only just heard of foxhole signatures it looks like ClamAV will to check for various filetypes within certain archives. Is that correct?
Do you have a reference page on the topic you can recommend? I'm not entirely sold on the idea, that I would need to fire up an AV scanner to block attachments in an attached mail. I mean, Amavis has the code loaded to handle the "outer" mail already. It should be able to use the exact same code to handle the "inner" mail as well? In case I wasn't clear, I want banned files inside the attached mail-file to be banned exactly as if they had been attached directly to the "outer" mail. > >>> i have more silly questions if it helps :=) >> Bring 'em on :-) > > how old are you ?
