Scanning inside zip files
Kevin Miller
Kevin_Miller at ci.juneau.ak.us
Thu Oct 30 17:32:31 GMT 2008
Paul Welsh wrote:
> Apologies if this has been covered many times previously but I used
> to set the maximum depth for zip file scanning to 0, ie, disable it.
> This allowed files that would otherwise be blocked to be zipped and
> sent.
>
> Then recently came the malware in zip files that changed so
> frequently that Clam and others couldn't keep up so I changed my zip
> scanning setting to block these viruses.
>
> Now I'm getting problems from customers who want to send programs in
> zip files so I've had to reset the maximum depth to 0 again.
>
> Off the top of my head I can only think that I should turn on the
> quarantine (it's off at present) and go back to blocking programs in
> zip files, then dig out files that get blocked in error from the
> quarantine as requested.
>
> Anyone else doing something more clever?
Can't say that it's particularly clever on my part, but our clever
leader Julian made it pretty easy to set up a whitelist of domains
allowed to send restricted content. Default behavior is to block,
exceptions allowed to pass. This is simple if you only have a couple of
exceptions. If you're talking dozens on a random basis it isn't quite
so handy...
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
More information about the MailScanner
mailing list