> My question is what am I doing wrong or what do I need to do in order > for Clamav to recognize that a archived attachment contains a banned > file extension and to reject it immediately?
If you really want to block "dangerous" runnable attachments, create a .zmd file (and you'll need a .rmd file) For example: Sanesecurity.Blocked.Zip.xxx.exe:0:\.(doc|xls|wpd|txt|jpg|jpeg|htm|html|pdf|pif|scr).exe$:*:*:*:*:*:* [blocks certain .xxx.exe types, ie. uses double extension to fool users, eg .doc.exe, .jpg.exe] Here's a really quickly put together file (and I'm sure it can be greatly improved on), but if you really want to test it: http://www.sanesecurity.co.uk/clamav/blocked.zmd You'll need to create a .rmd version of this, to block items in .rar files. Totally overkill maybe, but the ClamAV engine can do it :) Cheers, Steve Sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml