ClamAV vs password-protected ZIP files
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Wed Jul 19 13:44:42 IST 2006
René Berber a écrit :
> Denis Beauchemin wrote:
>
>
>> It seems ClamAv now blocks password-encrypted ZIP files.
>>
>
> No it doesn't... unless you changed the default setting.
>
>
>> Could this
>> behaviour be changed? We block ZIPs if enclosed filenames match certain
>> patterns, otherwise we let them through. Now they always get blocked...
>>
>
> What do you see in your log as the clamavmodule message?
>
René,
This is the message:
Jul 18 03:03:08 smtpe2 MailScanner[18831]: ClamAVModule::INFECTED::
Encrypted.Zip:: ./k6I72VrO030528/Bennett.zip
But I just noticed the following one:
Jul 18 03:03:09 smtpe2 MailScanner[18831]: Viruses marked as silent:
ClamAV Module: msg-18831-96.html was infected: Worm.Bagle.pwd-eml,
McAfee: /k6I72VrO030528/Bennett.zip contient le virus
W32/Bagle.fc!pwdzip !!! ,Bitdefender: Found virus Win32.Bagle.GL at mm in
file Bennett.zip,ClamAV Module: Bennett.zip was infected: Encrypted.Zip
Sorry!!! Looks like the file contains a virus! :-!
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3226 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060719/3c649144/smime.bin
More information about the MailScanner
mailing list