Block executable files which is compressed using gzip
Chaminda Indrajith
indrajith at sltidc.lk
Tue Jan 19 11:57:55 UTC 2021
Hi,
Could you let me know how to block executable files which is compressed
using gzip. One of the Mail contains attachment which compressed using gzip.
When I strip the attachment it contains a "Pdf 00231145 Swift Copy.gz" file.
[root at mail msg-1611056831-18887-0]# ls
msg-18887-1.txt msg-18887-2.html Pdf 00231145 Swift Copy.gz
When I unzip it using gunzip, it is just a file without an extension. But it
is an executable file.
[root at mail msg-1611056831-18887-0]# gunzip Pdf\ 00231145\ Swift\ Copy.gz
[root at mail msg-1611056831-18887-0]# ls
msg-18887-1.txt msg-18887-2.html "Pdf 00231145 Swift Copy"
[root at mail msg-1611056831-18887-0]# file Pdf\ 00231145\ Swift\ Copy
Pdf 00231145 Swift Copy: gzip compressed data, was "Pdf 00231145 Swift
Copy.exe", from FAT filesystem (MS-DOS, OS/2, NT), last modified: Mon Jan 18
05:25:12 2021
This file contains a Virus. So, how can I block such files (executable files
types without any extension) in MailScanner
Thanks
Chaminda Indrajith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20210119/f1595f1e/attachment.html>
More information about the MailScanner
mailing list