>As near as I understand from the clamav list.
>Clam cannot detect encrypted viruses.
>I believe this is a flaw in clamav, that cannot be easily remedied.
>
>This is "To the best of my knowledge."
>You have some options.
>Add in another virus scanner.
>Bounce password protected zips.
>Bounce zips.
>Bounce password protected zips with certain file types.
>The easiest thing to do, and what I am doing currently, is bounce zip
>files for a few days, while I figure out what to do on my internal mail
>server.
>http://lists.roaringpenguin.com/pipermail/mimedefang/2004-March/020563.html
>This is the first salvo in widespread adoption of password protected zip
>files imo.
>So consider zip-encrypted files a new file type extension.
>So I recommend to block:
>zip-encrypted zip files by default.

OK, maybe I'm mistaken, but I'm blocking quite a few password protected virus emails (Worm.Bagle.Gen-zippwd, Worm.Bagle.F-zippwd-3). Is there a difference between "encrypted" and "password protected"? I'm using the following clamav.conf:

LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/spool/MIMEDefang/clamd.sock
FixStaleSocket
StreamSaveToDisk
MaxDirectoryRecursion 15
User mailnull
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000

The *-zippwd viruses were not getting caught until I added the "ScanMail" directive.

Graham
-- 
Graham Dunn, IT Manager
Inscriber Technology, 26 Peppler St, Waterloo, ON, CA N2J3C4
519 570 9111 x243

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
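
Added example, not part of the original message and not MIMEDefang or ClamAV code: one way to implement the quoted "bounce password protected zips with certain file types" option is to read bit 0 of each member's ZIP general purpose flag, which marks the member as encrypted, and to check member names, which standard ZIP encryption leaves readable. The function names, the verdict strings and the extension list are assumptions made for this sketch.

```python
import io
import struct
import zipfile

# Hypothetical policy list for this example; not taken from the thread.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general purpose bit flag


def classify_zip(data, blocked=BLOCKED_EXTENSIONS):
    """Return 'not-zip', 'accept', 'bounce-encrypted' or
    'bounce-encrypted-blocked-type' for one attachment's bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "not-zip"
    with archive:
        # infolist() only parses the central directory; no password needed.
        encrypted = [i for i in archive.infolist()
                     if i.flag_bits & ENCRYPTED_FLAG]
    if not encrypted:
        return "accept"  # unencrypted members are left to the virus scanner
    # Member names are stored in clear text even when the data is encrypted.
    if any(i.filename.lower().endswith(blocked) for i in encrypted):
        return "bounce-encrypted-blocked-type"
    return "bounce-encrypted"


def make_sample_zip(member_name, encrypted):
    """Build a constructed test archive, optionally marked as encrypted."""
    buf = io.BytesIO()
    info = zipfile.ZipInfo(member_name, date_time=(2004, 3, 1, 0, 0, 0))
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"constructed sample payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at offset 6 of the local file header and at offset 8
        # of the central directory header; set bit 0 in both.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(signature) + offset
            flags = struct.unpack_from("<H", raw, pos)[0]
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED_FLAG)
    return bytes(raw)
```

The sample archives only have the flag bit set and their payload is not actually encrypted, which is enough because the check never reads member data.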

