On 9/27/10 11:55 PM, Török Edwin wrote:
On Tue, 28 Sep 2010 04:36:15 +0200
If you want to reject by content, you can do that as well (only for
nonencrypted archives of course) by writing a signature for your
filetype, and treating it as if it was a virus.
Rather than depend on file extensions that are rather meaningless, it seems a
better idea to build a Kessler signature file using file signatures from this list:
http://www.garykessler.net/library/file_sigs.html
It gets around the problem of extension spoofing, and it would be better anyway
if the calling milter rejected files based on extension rather than handing it
off to another process.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
