--On 9 June 2005 11:41:13 +1000 Ted Cooper <[EMAIL PROTECTED]> wrote:
JM wrote:

Besides just checking for malware with:

    # Reject virus infested messages.
    deny message = This message contains malware ($malware_name)
         malware = *

Is it possible to look inside a zipped file for M$ files such as .exe .pif…… and bounce with something like A 550 the file you sent, has self executing code, please rename the file(s) and re-zip and send again…..

I was pondering the same question the other day as a way to stop all these viruses that come with one executable file in them. Even if they are password protected, I can still get a listing of the file that is inside. Keeping in mind, of course, that ClamAV does have the ability to scan inside archives, just not password encrypted ones.

My train of thought moved to the individual MIME part ACL (acl_smtp_mime) available as part of 4.50+ and 4.x+exiscan. With this you could figure if it was a zip file and run some external command that did all the checking with the ${run directive (list contents of zip file, check to see if there's one file, see if it's an executable type or other blocked type). If someone knows how to do that _inside_ exim, that would be really cool :)

This should really be part of a good file blocking system anyway, otherwise people can just zip dangerous content and send it anyway!

A possible extension on this would be, once the virus writers have started adding more than 1 file to a zip file to help them get through, would be to try to guess if the one executable is really a virus and if the other files are just filler.

Do you think it's worth it? It's really only for passworded zips.
Not worth it. What do you do if your password encrypted zip contains another zip file? You can't tell what that contains.
Best to just not accept them. If someone really wants that kind of security let them use a secure ftp site, or something.
Ted.
--
Ian Eiloart
Servers Team
Sussex University ITS

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
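
Added example, not part of either poster's message and not Exim code: a sketch of the kind of external check Ted describes for ${run, which lists a zip's member names without a password and fails closed on the nested-zip case Ian raises. The blocklist beyond .exe and .pif, the verdict strings and the function names are assumptions made for illustration.

```python
import io
import sys
import zipfile

# Assumed blocklist for illustration; the thread itself names only .exe and .pif.
BLOCKED_EXTENSIONS = (".exe", ".pif", ".scr", ".com", ".bat")


def zip_verdict(data: bytes) -> str:
    """Classify a ZIP attachment from its central directory alone.

    Member names are stored unencrypted even in password-protected archives,
    so no password is needed and no member is ever extracted.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m for m in zf.infolist() if not m.is_dir()]
    except zipfile.BadZipFile:
        return "not-a-zip"
    # Trailing dots/spaces are stripped so "a.exe." is treated like "a.exe".
    names = [m.filename.lower().rstrip(". ") for m in members]
    encrypted = any(m.flag_bits & 0x1 for m in members)  # bit 0 = encrypted
    if any(n.endswith(BLOCKED_EXTENSIONS) for n in names):
        return "reject-blocked-extension"
    # A zip inside an encrypted zip cannot be listed, so fail closed.
    if encrypted and any(n.endswith(".zip") for n in names):
        return "reject-encrypted-nested-zip"
    return "encrypted-no-blocked-names" if encrypted else "accept"


def make_sample(name: str, encrypted: bool = False) -> bytes:
    """Build a constructed one-member test archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed sample payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the 'encrypted' flag bit in the central directory header only;
        # that is enough for listing, which is all the check does.
        cd = raw.rfind(b"PK\x01\x02")
        raw[cd + 8] |= 0x01
    return bytes(raw)


if __name__ == "__main__":
    verdict = zip_verdict(open(sys.argv[1], "rb").read())
    print(verdict)
    sys.exit(1 if verdict.startswith("reject") else 0)
```

Run as a script, it takes the path of a decoded attachment, prints the verdict and exits non-zero on a reject.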
