On 24.02.2015 at 22:42, Axb wrote:
On 02/24/2015 10:32 PM, Kris Deugau wrote:
These are almost certainly viruses.  Upload one or two of the .zip files
to virustotal.com to check against a long list of AV scanners.

Didn't check it. Avira AntiVir (my desktop scanner) didn't notice any of these files while I created the archive. When scanning the files on demand, the scanner ends up in a livelock, not finishing. But it had found at least one piece of malware by then.

ClamAV has become a framework... and atm, you can open a bottle of
bubbly if the official sigs actually detect anything.

Oh great. Now that I've finally set up ClamAV on the server, it's useless? At least it can detect the EICAR test signature, and occasionally I've seen it detecting other things, but I rarely get in touch with real malware so I didn't test that.

Take a look at Sanesecurity's FoxHole sigs

From the description, they only block by file name pattern. I can't block all archives with executable files in them. People need to send those files from time to time. And they know that a plain attached .exe won't get through filters, so they put it in a .zip archive. If the mail server now blocks all .exe in .zip without actually scanning the contents, they're going to complain.

--
Yves Goergen
http://unclassified.software
