.zip file passes through the filter
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Mar 2 16:11:58 GMT 2004
At 15:19 02/03/2004, you wrote:
>Hi, all,
>
>We met a .zip virus in our system and have to block all encrypted .zip
>files. I modified filename.rules.conf in /opt/MailScanner/etc as
>
>#allow \.zip$ - -
>deny \.zip$
That will generate a syntax error in your maillog. There should be 2 text
entries after the \.zip$ which are the log text and the user text of the
warnings it should generate.
Also, my comment below about tab separation applies here too.
>and in filetype.rules.conf I denied:
>deny archive - -
>deny self-extract No self-extracting archives No self-extracting
>archives allowed
Are you sure those lines have the fields separated by tab characters? It
clearly says at the top of the file that they need to be tab-separated.
>But the infected .zip file still could pass through the filter. We are
>using the latest mcfee data file.
>
>Any suggestion?
>
>Thanks a lot
>
>Wei
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner
mailing list