Scanning inside zip files

Thu Oct 30 17:49:04 GMT 2008

Yeah there's this page about overloading that I put on the wiki..

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading

(spot you used to be a progammer)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Kevin Miller
> Sent: 30 October 2008 17:33
> To: MailScanner discussion
> Subject: RE: Scanning inside zip files
>
> Paul Welsh wrote:
> > Apologies if this has been covered many times previously
> but I used to
> > set the maximum depth for zip file scanning to 0, ie, disable it.
> > This allowed files that would otherwise be blocked to be zipped and
> > sent.
> >
> > Then recently came the malware in zip files that changed so
> frequently
> > that Clam and others couldn't keep up so I changed my zip scanning
> > setting to block these viruses.
> >
> > Now I'm getting problems from customers who want to send
> programs in
> > zip files so I've had to reset the maximum depth to 0 again.
> >
> > Off the top of my head I can only think that I should turn on the
> > quarantine (it's off at present) and go back to blocking
> programs in
> > zip files, then dig out files that get blocked in error from the
> > quarantine as requested.
> >
> > Anyone else doing something more clever?
>
> Can't say that it's particularly clever on my part, but our
> clever leader Julian made it pretty easy to set up a
> whitelist of domains allowed to send restricted content.
> Default behavior is to block, exceptions allowed to pass.
> This is simple if you only have a couple of exceptions.  If
> you're talking dozens on a random basis it isn't quite so handy...
>
> ...Kevin
> --
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************