Scanning inside zip files

Rick Cooper rcooper at dwford.com
Thu Oct 30 18:26:05 GMT 2008


 

 > -----Original Message-----
 > From: mailscanner-bounces at lists.mailscanner.info 
 > [mailto:mailscanner-bounces at lists.mailscanner.info] On 
 > Behalf Of Paul Welsh
 > Sent: Thursday, October 30, 2008 10:18 AM
 > To: mailscanner at lists.mailscanner.info
 > Subject: Scanning inside zip files
 > 
 > Apologies if this has been covered many times previously but 
 > I used to set
 > the maximum depth for zip file scanning to 0, ie, disable 
 > it.  This allowed
 > files that would otherwise be blocked to be zipped and sent.
 > 
 > Then recently came the malware in zip files that changed so 
 > frequently that
 > Clam and others couldn't keep up so I changed my zip 
 > scanning setting to
 > block these viruses.
 > 
 > Now I'm getting problems from customers who want to send 
 > programs in zip
 > files so I've had to reset the maximum depth to 0 again.
 > 
 > Off the top of my head I can only think that I should turn 
 > on the quarantine
 > (it's off at present) and go back to blocking programs in 
 > zip files, then
 > dig out files that get blocked in error from the quarantine 
 > as requested.
 > 
 > Anyone else doing something more clever?
 > 

I have patches that cause MailScanner to use a different set of rule files
(type and name) for files inside an archive. So I can allow .exe files in a
zip file while disallowing them raw and they will still be virus scanned
because the archive is opened by MailScanner

Of course I have to patch each new version that comes out and rebuild the
patches when something changes within that module

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the MailScanner mailing list