Blocking file extensions inside of zip & rar files.

desynced

Verified User
Joined
Dec 29, 2008
Messages
48
I'm not sure if I should be asking this in the Email forums or in SpamBlocker, but since I am using SB3 I thought I would try here first.

Due to the increase of viruses/trojans being sent out inside of zip files that clamav is not detecting, is there any way to block .exe and .com files that are compressed in zip files?

They're getting through clamav but a few hours later when I resend the affected email to a test account, clamav then detects the virus. Clamav is set to update hourly and I believe they are new viruses or variants that aren't added to clamav's database for several hours.

In clamav's defense, they also aren't being detected by either Microsoft Security Essentials or Norton AV 2010 right away, but a couple of hourly updates later, they are. (Only given the option of a "this file is suspicious, send a copy to us" prompt when I scan them manually.)
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
SpamBlocker is the name of the method I use in my SpamBlocker Technology-powered exim.conf file, an old version of which is supplied with DirectAdmin. It blocks emails from your server by reputation of the sender server (by IP#). It doesn't accept email, so it can't look at it. And it can't look into any files attached to it, because it never allows the email onto the server.

If the IP# isn't on a reputation blocklist, then you'd have to use either ClamAV or SpamAssassin on your server (you can call either from your exim.conf file but neither is installed or turned on in exim.conf by default), or local software on your desktop(s).

If ClamAV isn't doing enough for you, there are commercial packages available for Linux and BSD based servers, which you can buy, install, and enable through your exim.conf file (but you'd need installation support from somewhere).

Jeff
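
The check asked about in the first post, as an added example that is not from this thread or from DirectAdmin, ClamAV or SpamBlocker: a Python sketch that reads the member names of every zip attachment in a message and reports those ending in .exe or .com. All function names, limits and the sample message are constructed for illustration; RAR is not covered because Python's standard library has no RAR reader, and hooking the check into exim is not shown.

```python
import io
import zipfile
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = (".exe", ".com")      # the two extensions named in the question
MAX_NESTED = 10 * 1024 * 1024   # assumption: largest inner zip worth unpacking

def make_zip(members):  # sample-data helper: {name: bytes} -> zip file bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def blocked_members(data, depth=2):
    """List blocked members; depth = zip-in-zip levels opened (2 is an assumption)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a zip at all
    hits = []
    for info in zf.infolist():  # names come from the zip directory
        name = info.filename.lower().rstrip(". ")
        if name.endswith(BLOCKED):
            hits.append(info.filename)
        elif name.endswith(".zip") and depth > 0 and info.file_size <= MAX_NESTED:
            try:
                hits += blocked_members(zf.read(info), depth - 1)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile, zlib.error):
                pass  # encrypted or damaged inner archive: cannot look inside
    return hits

def scan_message(raw):
    """Map attachment filename -> blocked members, checking every MIME leaf part."""
    findings = {}
    for part in message_from_bytes(raw, policy=policy.default).walk():
        hits = [] if part.is_multipart() else blocked_members(part.get_payload(decode=True) or b"")
        if hits:
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def sample_message():  # constructed mail: zip with a disguised .exe and a nested zip
    inner = make_zip({"setup.COM": b"placeholder bytes, not a program"})
    outer = make_zip({"readme.txt": b"hi", "invoice.pdf.exe": b"placeholder", "more.zip": inner})
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(outer, maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

Inner archives that are encrypted, damaged, or nested deeper than the limit are skipped rather than reported, so a production filter has to decide whether to reject what it cannot inspect.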
 