On 9/28/10 5:40 AM, Daniel McDonald wrote:
> On 9/28/10 2:05 AM, "Dennis Peterson"<[email protected]> wrote:
>> On 9/27/10 11:55 PM, Török Edwin wrote:
>>> On Tue, 28 Sep 2010 04:36:15 +0200
>>> If you want to reject by content, you can do that as well (only for
>>> nonencrypted archives of course) by writing a signature for your
>>> filetype, and treating it as if it was a virus.
>> Rather than depend on file extensions that are rather meaningless, it seems a
>> better idea to build a Kessler signature file using file signatures from this
>> list:
>> http://www.garykessler.net/library/file_sigs.html
> Amavisd-new gets around that by calling file and adding the type returned as
> meta-data that can be matched. So, embed an .emf with no extension in an
> .xlsx? Amavis will recognize it as an .emf in a zip archive.

Gary's list is one of the resources used in the file utility. But some file
programs have not been updated in a long time. Solaris 10's /etc/magic file is
dated 2006, for example, and Solaris 9 is from Y2K. My OS X Snow Leopard magic
files are dated May 18, 2009, and RHEL5 are April, 2009. It would be a good idea
to take some ownership of that by way of checking file types that may interest
you and your mail users.
dp
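
The content-based check discussed in this thread (typing each zip member by its leading bytes and ignoring its name), as an added Python example that is not from any poster and is not how ClamAV, amavisd-new or file implement it. The signature table, `sniff`, `scan_zip` and the sample archive are constructed for illustration.

```python
import io
import zipfile

# label -> list of (offset, bytes) that must all match; well-known signatures.
SIGNATURES = {
    "emf": [(0, b"\x01\x00\x00\x00"), (40, b" EMF")],  # header record + tag
    "mz-executable": [(0, b"MZ")],
    "pdf": [(0, b"%PDF-")],
    "zip": [(0, b"PK\x03\x04")],
}

def sniff(head):
    """Return the first label whose signature parts all match, else None."""
    for label, parts in SIGNATURES.items():
        if all(head[off:off + len(magic)] == magic for off, magic in parts):
            return label
    return None

def scan_zip(blob, banned):
    """List (member name, detected type) for members whose content is banned."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Encrypted member: content cannot be inspected, so report it.
                hits.append((info.filename, "encrypted-uninspectable"))
                continue
            with zf.open(info) as fh:
                # Read only the header bytes; never inflate the whole member.
                kind = sniff(fh.read(64))
            if kind in banned:
                hits.append((info.filename, kind))
    return hits

def build_sample():
    """Constructed sample: .xlsx-style zip holding an extension-less EMF."""
    emf = b"\x01\x00\x00\x00" + b"\x00" * 36 + b" EMF" + b"\x00" * 44
    exe = b"MZ\x90\x00" + b"\x00" * 60  # executable header behind a .png name
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/media/image1", emf)
        zf.writestr("xl/media/logo.png", exe)
    return buf.getvalue()

if __name__ == "__main__":
    for name, kind in scan_zip(build_sample(), {"emf", "mz-executable"}):
        print(f"{name}: {kind}")
```
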