deny cabinet files?

[Aaron K. Moore]

Sophos will scan them if you use the -cab switch on the command line.

-- 
Aaron Kent Moore
Information Technology Services
DeKalb Memorial Hospital, Inc.
Auburn, IN
Phone:  260.920.2808
E-mail:  amoore at dekalbmemorial.com

Julian Field wrote:
> Good point, it's a format that I expect many virus scanners miss. And
> Windows users have in-built support for opening them too, IIRC.
> 
> I'll add that rule to the default set of rules I supply.
> 
> On 8 Jul 2005, at 13:53, Jeff A. Earickson wrote:
> 
>> Julian,
>> 
>> I got a suspicious email today with a .cab file attachment.
>> I've submitted the file to clam, but this inspired me to
>> add the following rule to filename.rules.conf:
>> 
>> deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet
>> files may hide viruses 
>> 
>> \t for real tabs here.  I googled and checked Microsoft's
>> website and see no positive use for an emailed .cab file.
>> Anybody else seen this?
>> 
>> Jeff Earickson
>> Colby College
>> 
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>> 
>> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!