Password protected zips into quarantine by ruleset
Antony Stone
Antony.Stone at mailscanner.open.source.it
Fri Jun 13 12:55:23 IST 2014
On Friday 13 June 2014 at 12:38:47, Stef Morrell wrote:
> Hi guys,
>
> I'm struggling a bit with how MS deals with password protected zipfiles, so
> any of the below could be complete misinterpretation, feel free to correct
> my ignorance!
>
> It seems to me that MS detects password protected zips by means of being
> informed by the virus scanner and then treating it as a virus, using the
> special keyword Zip-Password in various MailScanner.conf settings.
>
> And then there is the
>
> Allow Password-Protected Archives = <yes/no>
>
> setting.
>
> Somewhere in all this I would like to be able to have a ruleset which says
> for password protected zipfiles, I can allow them to pass (for users who
> get them all the time), quarantine (for users who get them occasionally),
> or default block.
>
> And I can't for the life of me work out how to achieve this.
>
> Can anyone advise?

Well, that setting can be a ruleset, so for Allow=yes/no for different users,
you could try:

Allow Password-Protected Archives = %rules-dir%/passprotarchive.rules

and then inside passprotarchive.rules:

To: safeuser1@mydomain.tld yes
To: safeuser2@myother.tld yes
FromOrTo: default no

I can't think of a way to do your 3-way choice (yes for some, quarantine for
others, no by default), but this should at least give you a 2-way choice.

Regards,
Antony.
--
BASIC is to computer languages what Roman numerals are to arithmetic.
Please reply to the list;
please don't CC me.
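
One way to check which users a ruleset like the one above would exempt before deploying it, as an added example that is not part of the original message or of MailScanner itself. It is a simplified model with these assumptions: one sender and one recipient per message, patterns are exact addresses or `*` wildcards, the first matching rule wins, and `default` is the fallback; `parse_rules` and `resolve` are hypothetical helper names.

```python
import fnmatch

# Constructed sample: the ruleset from the reply above.
SAMPLE_RULES = """\
# passprotarchive.rules
To:       safeuser1@mydomain.tld  yes
To:       safeuser2@myother.tld   yes
FromOrTo: default                 no
"""

DIRECTIONS = {"from:", "to:", "fromorto:"}

def parse_rules(text):
    """Return (rules, default); rules is a list of (direction, pattern, value)."""
    rules, default = [], None
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[0].lower() not in DIRECTIONS:
            raise ValueError(f"line {n}: expected '<direction> <pattern> <value>'")
        direction, pattern, value = (f.lower() for f in fields)
        if value not in ("yes", "no"):
            raise ValueError(f"line {n}: value must be yes or no, got {value!r}")
        if pattern == "default":
            default = value
        else:
            rules.append((direction, pattern, value))
    if default is None:
        # Stricter than necessary by choice: insist the block/allow fallback is explicit.
        raise ValueError("no default rule: unmatched mail has no explicit policy")
    return rules, default

def resolve(rules, default, sender, recipient):
    """Assumed semantics: first matching rule wins, otherwise the default applies."""
    sender, recipient = sender.lower(), recipient.lower()
    for direction, pattern, value in rules:
        candidates = {"from:": [sender], "to:": [recipient],
                      "fromorto:": [sender, recipient]}[direction]
        if any(fnmatch.fnmatchcase(addr, pattern) for addr in candidates):
            return value
    return default
```
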