stopping clamav detecting encrypted zip files
Ugo Bellavance
ugob at lubik.ca
Fri May 18 21:42:05 IST 2007
Julian Field wrote:
>>>> I did manage to get it working as I wanted it by editing the perl
>>>> code which
>>>> calls clamavmodule so that password protected archives were not
>>>> classed as a
>>>> virus. That leaves it down to mailscanner to detect itself which
>>>> then as it
>>>> is just classed as a blocked attackment and not a virus allows
>>>> mailwatch to
>>>> release it.
>>>>
>>>> I have the patch togeter with a few other customisations I have made
>>>> detailed on my webpage :-
>>>> http://www.gbnetwork.co.uk/mailscanner/index.html
>>>>
>>> Ah great. Perhaps when Jules is better he'll grace us with yet another
>>> config option for this:-).
>> Anything new on this subject?
>>
>> I also agree that we should have an option, or that clamav should
>> never identify a passwd-zip as a virus. The MS setting is there and
>> at least, one can release it if MS stops it.
> How about I just apply your patch and stop ClamAV blocking
> password-protected archives?
>
> MailScanner itself can only detect password-protected zips, tars and
> rars (from memory), whereas ClamAV might well be able to detect
> passworded archives of more formats. But the others are very rare anyway
> so it probably isn't a problem. But I thought I should let you know.
>
> Still want me to apply your patch?
>
> Jules
I think that this would be the best thing.
More information about the MailScanner
mailing list