Hello,
Is there any way to whitelist a file based on its signature *and* its
filename?
My case is about a legit PDF file embedding JavaScript sent by users by email.
Its signature is "PUA.Script.PDF.EmbeddedJavaScript", but its MD5 hash is
always different (probably because users are saving
On Monday 28 November 2016, 14:28:11 CET, Steve Basford wrote:
> I guess this *might* be an option.
Thanks for your reply and this idea.
> 1. Find something common in your pdf you want to "whitelist", say "Your
> company name or department", convert this to hex.
Let's say "My Safe PDF" → "4d79
On Monday 28 November 2016, 10:28:03 CET, Paul Kosinski wrote:
> Of course, if anybody is able to find out what the magic filename is,
> they could mount a targeted attack.
Of course, but thanks for the warning.
> How are the PDFs generated? Would it be possible to attach a
> cryptographic signa
Hello,
I would like to keep emails detected as viruses by ClamAV on the filesystem, in
order to be able to retrieve false positives when users ask for them. After a
few days, a simple cronjob would remove them.
So I thought that "VirusEvent" could be an appropriate way to do it. (Is there
any bet
On Tuesday 3 January 2017, 10:31:51 CET, Vladislav Kurz wrote:
> > So I thought that "VirusEvent" could be an appropriate way to do it. (Is
> > there any better way?)
>
> try using amavis together with your SMTP server. It has options to put
> mail into quarantine and to notify recipients, that som
On Tuesday 3 January 2017, 05:14:52 CET, Gene Heskett wrote:
> > ERROR: VirusEvent: fork failed.
>
> I've no clue, never tried that. What I do for quarantine is with a
> procmail script. Lemme see if I can find it. Yup, here are snippets.
I'm more interested in fixing this worrying "fork failed"