stopping clamav detecting encrypted zip files
am.lists at gmail.com
Wed Apr 4 16:52:27 IST 2007
On 4/4/07, Gareth <list-mailscanner at linguaphone.com> wrote:
> On Wed, 2007-04-04 at 16:05, am.lists wrote:
> > On 4/4/07, Gareth <list-mailscanner at linguaphone.com> wrote:
> > > I use mailscanner to manage the quarantine.
> > > The problem that I am getting is that clamav is detecting encrypted zip
> > > files as a virus. The only config file I can find is in
> > > /usr/local/clamd.conf which says that feature is disabled by default and
> > > I have the line commented out.
> > >
> > > Any ideas?
> > >
> > Yes. It's in /etc/MailScanner.conf (or wherever your MailScanner.conf is)
> > # Should encrypted messages be blocked?
> > # This is useful if you are wary about your users sending encrypted
> > # messages to your competition.
> > # This can be a ruleset so you can block encrypted message to certain domains.
> > Block Encrypted Messages = no
> I have that set to yes which is what I want. Mailscanner detects it as an
> encrypted zip and blocks it.
> The problem I have is that clamav also detects it as a virus and so I am
> unable to release the message using mailwatch as it is classed as
> dangerous content.
How about setting this to no...
I'm not sure about this (others, any help here?) but if MS uses Clam
to determine if it's a clean file or not, and if you tell it to block
encrypted messages, (your setting of 'yes' above), then the below will
say that if clam (or any other a/v) says it's not a clean message,
don't bother quarantining the message.
# Do you want to stop any virus-infected spam getting into the spam or MCP
# archives? If you have a system where users can release messages from the
# spam or MCP archives, then you probably want to stop them being able to
# release any infected messages, so set this to yes.
# It is set to no by default as it causes a small hit in performance, and
# many people don't allow users to access the spam quarantine, so don't
# need it.
# This can also be the filename of a ruleset.
Keep Spam And MCP Archive Clean = yes
If you turn this setting off, you should be able to release the file.