Re: [clamav-users] Howto quarantine emails? "ERROR: VirusEvent: fork failed."

2017-01-06 Thread Mathieu D.
On Tuesday 3 January 2017, 05:14:52 CET, Gene Heskett wrote: > > ERROR: VirusEvent: fork failed. > > I've no clue, never tried that. What I do for quarantine is with a > procmail script. Lemme see if I can find it. Yup, here are snippets. I'm more interested in fixing this worrying "fork

Re: [clamav-users] Howto quarantine emails? "ERROR: VirusEvent: fork failed."

2017-01-03 Thread Mathieu D.
On Tuesday 3 January 2017, 10:31:51 CET, Vladislav Kurz wrote: > > So I thought that "VirusEvent" could be an appropriate way to do it. (Is > > there any better way?) > > try using amavis together with your SMTP server. It has options to put > mail into quarantine and to notify recipients, that

[clamav-users] Howto quarantine emails? "ERROR: VirusEvent: fork failed."

2017-01-03 Thread Mathieu D.
Hello, I would like to keep emails detected as virus by ClamAV on the filesystem, in order to be able to retrieve false positives when users ask for them. After a few days, a simple cronjob would remove them. So I thought that "VirusEvent" could be an appropriate way to do it. (Is there any

Re: [clamav-users] Whitelist based on sign *and* filename?

2016-12-01 Thread Mathieu D.
On Monday 28 November 2016, 10:28:03 CET, Paul Kosinski wrote: > Of course, if anybody is able to find out what the magic filename is, > they could mount a targeted attack. Of course, but thanks for the warning. > How are the PDFs generated? Would it be possible to attach a > cryptographic

Re: [clamav-users] Whitelist based on sign *and* filename?

2016-12-01 Thread Mathieu D.
On Monday 28 November 2016, 14:28:11 CET, Steve Basford wrote: > I guess this *might* be an option. Thanks for your reply and this idea. > 1. Find something common in your pdf you want to "whitelist", say "Your > company name or department", convert this to hex. Let's say "My Safe PDF" →

[clamav-users] Whitelist based on sign *and* filename?

2016-11-28 Thread Mathieu D.
Hello, Is there any way to whitelist a file based on its signature *and* its filename? My case is about a legit PDF file embedding JavaScript sent by users by email. Its signature is "PUA.Script.PDF.EmbeddedJavaScript", but its MD5 hash is always different (probably because users are saving