On 4/19/2013 11:46 AM, Andreas Freyvogel wrote:
> Hi All,
>
> I'm not sure if this is the correct group to ask so apologies if it's not.
>
> I wanted to ask if anyone has a good way of sending emails that have ZIP
> attachments that contain EXE files to QUARANTINE. I am using POSTFIX sending
> to PROCMAIL and CLAMAV. I've looked into procmail recipes and clamav
> options but nothing seems to work well for me.
>

The Sanesecurity addon signatures for clamav have some specific signatures to detect executable files inside a zip.

If you're using clamav in your procmail recipe, you can redirect infected mail to a specific mailbox or discard it.

If you use the clamav-milter with postfix, it can put infected mail in the postfix hold queue.

If you use amavisd-new for the clamav interface, you can save the mail in a quarantine.

http://sanesecurity.com/
http://sanesecurity.com/foxhole-databases/

--
Noel Jones
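
The procmail option described in the reply above, as an added example that is not part of the original thread: a recipe that pipes each message through clamdscan and files anything the scanner flags into a quarantine mailbox. The clamdscan path, the AV_REPORT variable name and the mailbox name "quarantine" are assumptions, as is a running clamd with the Sanesecurity foxhole databases already installed in its database directory.

```procmail
# ~/.procmailrc fragment (added example; paths and names are assumptions)

MAILDIR=$HOME/Mail          # assumed mail directory
LOGFILE=$MAILDIR/procmail.log

# Step 1: feed the whole message to clamd on stdin and capture the
# one-line verdict in AV_REPORT. For a hit clamdscan prints
#   stream: <signature name> FOUND
# and for a clean message
#   stream: OK
:0
AV_REPORT=| /usr/bin/clamdscan --stdout --no-summary -

# Step 2: if the verdict contains FOUND, deliver to the quarantine
# mbox (the trailing ':' takes a lock file) and stop processing.
# With the foxhole databases loaded, a ZIP attachment containing an
# EXE is reported here like any other detection.
:0:
* AV_REPORT ?? FOUND
quarantine

# To discard instead of quarantining, replace the action line
# "quarantine" with "/dev/null" and drop the lock (':0' not ':0:').

# Note: this recipe fails open. If clamd is not running, AV_REPORT
# holds no FOUND line and the message continues to normal delivery,
# so monitor clamd separately.
```

For the clamav-milter route mentioned in the reply, the corresponding setting is `OnInfected Quarantine` in clamav-milter.conf, which leaves flagged mail in the Postfix hold queue.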
