Hi Steve,

Thanks for your quick reply. This appears to affect any tar.gz Joomla component being installed to Joomla also, just for the record...

I will get our Linux guy to make that whitelist update.

Will this stop all such double zip uploads from failing, for example the .tar.gz?

Thanks again for your help

On 2014-09-17 13:14, Steve Basford wrote:
>
> On Wed, September 17, 2014 1:53 pm, James Meason wrote:
>
> > Uploaded! (Zip.Suspect.MiscDoubleExtension-zippwd-4 FOUND)
>
> Hi James,
>
> ClamAV team have created a signature which helps block double attachments,
> in much the same way that the Sanesecurity foxhole sigs have been
> doing for a while now.
>
> However, I think they'd gone slightly overboard...
>
> here's the sig...
>
> daily.zmd:Zip.Suspect.MiscDoubleExtension-zippwd-4:*:(?i)((\.doc)|([ _.-](7z|avi|bmp|csv|docx|gif|gz|jpeg|jpg|mov|mp3|mp4|mpg|pdf|png|pps|ppt|pptx|psd|rar|tar|tar\.gz|tif|tiff|txt|wav|xls|xlsx|zip)))[ _.-]*\.(action|air|apk|app|as|awk|bin|command|csh|deb|dmg|ipa|jar|js|jsx|ksh|nexe|osx|out|pkg|plx|prg|rpm|run|script|sh|swf):*:*:*:*:*:*
>
> foxhole_filename.cdb will do a similar job, but has been made as flexible
> as possible for the end_user to whitelist for extension type and only
> contains double extensions that have been actually seen carrying malware.
>
> To whitelist...
>
> printf Zip.Suspect.MiscDoubleExtension-zippwd-4 > localign.ign2
> restart clamd
>
> Cheers,
>
> Steve
> Sanesecurity.com
>
> http://www.clamav.net/contact.html#ml

Thank you for your time.....

God Bless

NodnoL aka James/JamEZ
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
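The following is an added example, not part of the thread or of ClamAV: it pulls the filename regex out of the signature quoted above and runs it over constructed archive member names to show which ordinary component files it flags. It assumes Python's `re` behaves like ClamAV's regex engine for this pattern and that the filename field is matched unanchored; the `com_example` paths are made up.

```python
import re

# Signature as quoted in the thread, minus the "daily.zmd:" database prefix.
SIG = (
    r"Zip.Suspect.MiscDoubleExtension-zippwd-4:*:(?i)((\.doc)|([ _.-](7z|avi"
    r"|bmp|csv|docx|gif|gz|jpeg|jpg|mov|mp3|mp4|mpg|pdf|png|pps|ppt|pptx|psd"
    r"|rar|tar|tar\.gz|tif|tiff|txt|wav|xls|xlsx|zip)))[ _.-]*\.(action|air"
    r"|apk|app|as|awk|bin|command|csh|deb|dmg|ipa|jar|js|jsx|ksh|nexe|osx|out"
    r"|pkg|plx|prg|rpm|run|script|sh|swf):*:*:*:*:*:*"
)

def filename_regex(sig):
    """Return (signature name, compiled filename regex) from a metadata sig.

    Field order assumed: name, encrypted, filename regex, then six more
    fields, all '*' here. The regex itself contains no ':'.
    """
    fields = sig.split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields")
    return fields[0], re.compile(fields[2])

def flagged(names, sig=SIG):
    """Return the member names the signature's filename regex matches."""
    _, rx = filename_regex(sig)
    return [n for n in names if rx.search(n)]

# Constructed member names of a hypothetical Joomla component archive.
SAMPLE = [
    "com_example.tar.gz",                 # the upload itself: no 2nd extension
    "com_example/media/js/jquery.min.js",
    "com_example/media/js/export-csv.js", # "-csv" + ".js"
    "com_example/data/sample_csv.json",   # ".js" matches as prefix of ".json"
    "com_example/tools/backup_tar.sh",    # "_tar" + ".sh"
    "com_example/lib/jszip.js",           # "zip" not preceded by a separator
    "com_example/docs/Report.PDF.JAR",    # case-insensitive
    "com_example/docs/readme.txt",
]

if __name__ == "__main__":
    for name in flagged(SAMPLE):
        print("would match:", name)
```

Because the first extension may follow `-`, `_` or a space as well as a dot, names such as `export-csv.js` match even though they carry only one real extension.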
