Hi, I saw this recent post on a UK security mailing list, regarding blocking any attachment that starts with "TVqQAAMA" i.e. anything executable by windows. I'm currently blocking the following extensions with qmail-scanner-1.16:
.vbe .vbs .lnk .scr .wsh .hta .pif .exe .com .bat .cmd .cpl .mhtml .ceo .cnf .ins .scf .sct .shb .shs .xnk
Is there a way qmail scanner can perform the above block of "TVqQAAMA" to prevent anything that this list may miss? AFAICT there doesn't seem to be. Cheers.
Q_S does not check message body content, so the short answer is no.
If, however, you want to experiment with a ClamAV signature for that Base64 encoded string...see:
http://sourceforge.net/mailarchive/message.php?msg_id=5792940
e.g. a mydb.db entry of - COMPANY_POLICY.ExecutableContent.Rejection (Clam)=5456715141414d41 Caveat...I have no idea what -legit- email this might reject.
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
