On Sat, 2006-04-15 at 23:45 +0100, Martyn Clark wrote:
> Hi
> I just run mail tests form link Steve was kind enough to send me and only
> one got through: this one
> (Non-Virus): Attachment with a CLSID extension which may hide the real file
> extension. This does not include the EICAR virus, however your mail server
> should still block this since the CLSID technique can be used to hide the
> true extension of a malicious file.
>
> Is there a rule I can set somewhere to prevent this type of getting through?
Since there was no virus, it is normal for ClamAV to let it though.
However, since you are also using amavisd-new, this is where you would
put the rule to block these types of files. Find which file extension
the test is using and make sure it is listed in the group of file
extensions to block in your amavisd.conf file.
-Bill
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
