Hi Tom,

.ftm files contain magic headers of various formats.

cat daily.ftm
cat sanesecurity.ftm

The engine then unpacks if it's a zip etc and the unpacked exists. That's why your example filename still unpacks.

You can also use .ftm to skip file formats from scanning.

I'm mobile at the moment ...so sorry if this is a bit vague.

Cheers,

Steve
Twitter: @sanesecurity



On 12 December 2016 16:44:17 TR Shaw <ts...@oitc.com> wrote:

How does ClamAV decide to unpack an attachment?

In particular this is in reference to the recent Locky attachments that are zips but have the attachment extension “dip”

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
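
Added example, not part of the original thread and not ClamAV's own code: a sketch of content-based type detection in the spirit of the reply above, showing why a zip with an unexpected extension is still recognised and unpacked. The sample entries are constructed to follow the documented .ftm field layout, and the file name `invoice.dip` and all function names are assumptions.

```python
import io
import zipfile

# Constructed entries in the documented .ftm layout (not copied from
# daily.ftm or sanesecurity.ftm):
# magictype:offset:magicbytes:name:rtype:type[:min_flevel[:max_flevel]]
SAMPLE_FTM = """\
0:0:504b0304:ZIP:CL_TYPE_ANY:CL_TYPE_ZIP
0:0:526172211a0700:RAR:CL_TYPE_ANY:CL_TYPE_RAR
0:0:25504446:PDF:CL_TYPE_ANY:CL_TYPE_PDF
"""

def parse_ftm(text):
    """Return (offset, magic, type) for magictype 0 (fixed-offset compare) entries."""
    rules = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 6 or fields[0] != "0" or not fields[1].isdigit():
            continue  # other magictypes and non-numeric offsets are out of scope here
        try:
            magic = bytes.fromhex(fields[2])
        except ValueError:
            continue  # patterns with wildcards are not plain hex
        rules.append((int(fields[1]), magic, fields[5]))
    return rules

def detect_type(data, rules):
    """Decide the type from the bytes alone; the file name is never consulted."""
    for offset, magic, ftype in rules:
        if data[offset:offset + len(magic)] == magic:
            return ftype
    return None

def make_sample(name="invoice.dip"):
    """Build a constructed zip in memory and give it a misleading extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("inner.txt", "constructed placeholder content")
    return name, buf.getvalue()

def scan(name, data, rules):
    """Unpack when the header says zip, whatever the extension in `name` is."""
    ftype = detect_type(data, rules)
    members = []
    if ftype == "CL_TYPE_ZIP":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    return ftype, members

if __name__ == "__main__":
    print(scan(*make_sample(), parse_ftm(SAMPLE_FTM)))
```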

