Scanning inside zip files
rcooper at dwford.com
Thu Oct 30 18:26:05 GMT 2008
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On
> Behalf Of Paul Welsh
> Sent: Thursday, October 30, 2008 10:18 AM
> To: mailscanner at lists.mailscanner.info
> Subject: Scanning inside zip files
> Apologies if this has been covered many times previously but
> I used to set
> the maximum depth for zip file scanning to 0, ie, disable
> it. This allowed
> files that would otherwise be blocked to be zipped and sent.
> Then recently came the malware in zip files that changed so
> frequently that
> Clam and others couldn't keep up so I changed my zip
> scanning setting to
> block these viruses.
> Now I'm getting problems from customers who want to send
> programs in zip
> files so I've had to reset the maximum depth to 0 again.
> Off the top of my head I can only think that I should turn
> on the quarantine
> (it's off at present) and go back to blocking programs in
> zip files, then
> dig out files that get blocked in error from the quarantine
> as requested.
> Anyone else doing something more clever?
I have patches that cause MailScanner to use a different set of rule files
(type and name) for files inside an archive. So I can allow .exe files in a
zip file while disallowing them raw and they will still be virus scanned
because the archive is opened by MailScanner
Of course I have to patch each new version that comes out and rebuild the
patches when something changes within that module
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner