Ralf Hildebrandt schrieb: > Recently, Germany has seen a flood of trojans, disguised as "invoice". > They were sent as unencrypted ZIP archive which contains at least one > file with a double extension: > > your_invoice.pdf.exe > > How can I block these with amavisd-new-2.4.5-rc1? > Hi,
one way is to use the [$banned_filename_re] directive that checks for double extensions, too. By doing it this way, all [filename.xxx.exe] attachments are banned. We're using it permanently to cover the period until a appropriate virus definition is published. Cheers, Christian -- =========================================================== Christian Rost roCon - Informationstechnologie Glatzer Weg 4 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
