Jesper Juhl wrote:
Nope, that won't work. Besides blocking purely based on name we also run
'file' on the attachments and block based on the type of file returned by
'file'. So, a windows executable renamed from foo.exe to foo.txt will
still be caught as a banned 'exe' file - blocking only based
On Mon, 8 Mar 2004, Brett Simpson wrote:
How did you impliment this? I like the idea of checking the file to see
if the extension matches what is returned by the file command.
Brett
see the unix file command (man file, will give you the information) -
it uses /usr/share/magic to retrive
On Monday 08 March 2004 1:44 pm, Brett Simpson wrote:
Jesper Juhl wrote:
Nope, that won't work. Besides blocking purely based on name we also run
'file' on the attachments and block based on the type of file returned by
'file'. So, a windows executable renamed from foo.exe to foo.txt will
On Mon, 8 Mar 2004, Brett Simpson wrote:
Jesper Juhl wrote:
Nope, that won't work. Besides blocking purely based on name we also run
'file' on the attachments and block based on the type of file returned by
'file'. So, a windows executable renamed from foo.exe to foo.txt will
still be
On Monday 08 March 2004 10:51 am, Jesper Juhl wrote:
--snip--
The first qr block checks for double extensions like file.foo.exe and
ban such files if the last extension is one of vbs|pif|scr|bat|com|exe|dll
the next two qr blocks block files purely based on the last extension.
The next qr
What about .html ???
Jeff
-Original Message-
From: John Jolet [mailto:[EMAIL PROTECTED]
Sent: Monday, March 08, 2004 10:12 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Re: Simple patch for dealing with password
zip files
On Monday 08 March 2004 10:51 am, Jesper Juhl wrote
Quoting John Jolet [EMAIL PROTECTED]:
This brings up an interesting point. I've never seen a legitimate file on a
windows box with two or more 3-character extensions. Would it be a bad
assumption to make?
Yes. Because not all machines are windows machines. Because the e-mail
may just be going
On Monday 08 March 2004 6:12 pm, John Jolet wrote:
This brings up an interesting point. I've never seen a legitimate file on
a windows box with two or more 3-character extensions. Would it be a bad
assumption to make?
Yes, because not everyone uses Windows :) and things like
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Jean-Francois Guilmard
Sent: Monday, March 08, 2004 1:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [Clamav-users] Re: Simple patch for dealing with password
zip files
What about .html ???
He doesnt
On Thu, 4 Mar 2004, Chris Barnes wrote:
Michael L Torrie [EMAIL PROTECTED] wrote:
I have made a rudimentary patch (clean patch) against clamav 0.67 to
mark all zip files containing password-protected (and hence
unscannable) files as a virus type SuspectEncrypted.Zip.
Good job. Come to
On Thu, Mar 04, 2004 at 07:52:35PM +0100, Jesper Juhl wrote:
Our mailserver is setup to reject certain file types as attachments (.com,
.exe, .pif etc etc). Sometimes users have a legitimate need to get such
files through, and the way they do it is to compress them and add a
password to the
From: Jim Mercer [mailto:[EMAIL PROTECTED]
...
.exe, .pif etc etc). Sometimes users have a legitimate need
to get such
files through, and the way they do it is to compress them and add a
password to the zip archive so the content filter can't look inside.
alternately, the sender could
On Thu, 4 Mar 2004, Jim Mercer wrote:
On Thu, Mar 04, 2004 at 07:52:35PM +0100, Jesper Juhl wrote:
Our mailserver is setup to reject certain file types as attachments (.com,
.exe, .pif etc etc). Sometimes users have a legitimate need to get such
files through, and the way they do it is to
On Mar 4, 2004, at 2:16 PM, [EMAIL PROTECTED] wrote:
From: Jim Mercer [mailto:[EMAIL PROTECTED]
...
.exe, .pif etc etc). Sometimes users have a legitimate need
to get such
files through, and the way they do it is to compress them and add a
password to the zip archive so the content filter can't
On Thu, 04 Mar 2004 at 14:42:01 -0800, Jeff Ramsey wrote:
Where can I get the patch that started this thread?
Go to http://www.mail-archive.com/clamav-users%40lists.sourceforge.net/
and search for the message from Michael L Torrie with subject
[Clamav-users] Simple patch for dealing with
15 matches
Mail list logo
