stopping clamav detecting encrypted zip files

Glenn Steen glenn.steen at gmail.com
Thu Apr 19 14:33:17 IST 2007


On 05/04/07, Gareth <list-mailscanner at linguaphone.com> wrote:
> On Thu, 2007-04-05 at 10:10, Dhawal Doshy wrote:
> > Gareth wrote:
> > > On Wed, 2007-04-04 at 17:04, Aaron K. Moore wrote:
> > >
> > >> Are you using the clamavmodule?  I've had the same problem.  There's a
> > >> commandline switch to turn that notice off when using clamscan, but not
> > >> with the module.  I'd suggested earlier that someone should add code for
> > >> clamav, like the code for Sophos that allows you to specify messages to
> > >> ignore.
> > >
> > > I think it's a bug in MailScanner. There appears to be code in place in
> > > the routine which calls clamavmodule which disables blocking of
> > > encrypted files if there is a config option 'allowpasszips' set but I
> > > cannot find that option.
> > >
> > > Anyway below is a diff which disables blocking of encrypted archives
> > > which is working fine for me.
> > >
> > > /usr/lib/MailScanner/MailScanner/SweepViruses.pm
> > > 1069c1069
> > > <                                Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED()
> > > |
> > > ---
> > >> #                               Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED()
> > > |
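Review bot: at line 1069 the Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() term is commented out outright, so the flag is dropped for every scan no matter what the site configuration asks for. Make the term conditional on a configuration setting instead of removing it, and leave a comment at that line explaining why it can be switched off. Because this is a direct edit to the installed /usr/lib/MailScanner/MailScanner/SweepViruses.pm, it will also be silently lost when the file is replaced on upgrade, which is another reason to prefer a setting over a local patch.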
> >
> > [Quoting Julian from 07/20/2005]
> > If you have MailScanner set to allow password-protected zip and rar
> > archives, then this option is disabled. If you have it set to block
> > password-protected archives, then this option is enabled.
> > [Quoting Julian from 07/20/2005]
> >
> > See this thread: http://thread.gmane.org/gmane.mail.virus.mailscanner/30201
>
> Thanks. I wanted MailScanner to block encrypted archives which it does
> well by itself but not to tell clamav to identify encrypted archives as
> viruses.
>
It's Ruleset Time:
You want MailScanner to block the initial message, hence you want a
default of "yes" in the ruleset, but not when releasing from
quarantine... so ... since this will likely be released from
127.0.0.1, make a rule that sets it to "no" (or indeed do this on Scan
Message) for that IP address. Problem solved:-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

