Password protected zips into quarantine by ruleset
Jerry Benton
jerry.benton at mailborder.com
Fri Jun 13 12:23:24 IST 2014
I created a sample in the Mailborder GUI. This is what the MailScanner output looks like:
Allow Password-Protected Archives = %rules-dir%/pid6.rules
And the contents of pid6.rules:
# Built by Mailborder Systems
# Build Time: Fri, 13 Jun 14 13:19:27 +0200
# Mailborder version: 4.1.2 build: 1
# Custom object processing rules
From: support at mailborder.com yes
# Domain processing rules
FromOrTo: linuxref.com no
# Default for unmatched objects
FromOrTo: default no
-
Jerry Benton
www.mailborder.com
On Jun 13, 2014, at 12:38 PM, Stef Morrell <stef at aoc-uk.com> wrote:
> Hi guys,
>
> I'm struggling a bit with how MS deals with password protected zipfiles, so any of the below could be complete misinterpretation, feel free to correct my ignorance!
>
> It seems to me that MS detects password protected zips by means of being informed by the virus scanner and then treating it as a virus, using the special keyword Zip-Password in various MailScanner.conf settings.
>
> And then there is the
>
> Allow Password-Protected Archives = <yes/no>
>
> setting.
>
> Somewhere in all this I would like to be able to have a ruleset which says for password protected zipfiles, I can allow them to pass (for users who get them all the time), quarantine (for users who get them occasionally), or default block.
>
> And I can't for the life of me work out how to achieve this.
>
> Can anyone advise?
>
> Thanks
>
> Stef
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140613/115c857e/attachment.html
More information about the MailScanner
mailing list