stopping clamav detecting encrypted zip files

Ugo Bellavance ugob at lubik.ca
Fri May 18 21:42:05 IST 2007


Julian Field wrote:
>>>> I did manage to get it working as I wanted it by editing the perl 
>>>> code which
>>>> calls clamavmodule so that password protected archives were not 
>>>> classed as a
>>>> virus. That leaves it down to mailscanner to detect itself which 
>>>> then as it
>>>> is just classed as a blocked attackment and not a virus allows 
>>>> mailwatch to
>>>> release it.
>>>>
>>>> I have the patch togeter with a few other customisations I have made
>>>> detailed on my webpage :-
>>>> http://www.gbnetwork.co.uk/mailscanner/index.html
>>>>
>>> Ah great. Perhaps when Jules is better he'll grace us with yet another
>>> config option for this:-).
>> Anything new on this subject?
>>
>> I also agree that we should have an option, or that clamav should 
>> never identify a passwd-zip as a virus.  The MS setting is there and 
>> at least, one can release it if MS stops it.
> How about I just apply your patch and stop ClamAV blocking 
> password-protected archives?
> 
> MailScanner itself can only detect password-protected zips, tars and 
> rars (from memory), whereas ClamAV might well be able to detect 
> passworded archives of more formats. But the others are very rare anyway 
> so it probably isn't a problem. But I thought I should let you know.
> 
> Still want me to apply your patch?
> 
> Jules

I think that this would be the best thing.



More information about the MailScanner mailing list