[Mimedefang] Configure uvscan to scan inside a zip file.
Jason Englander
jason at englanders.cc
Tue Jul 1 20:03:01 EDT 2003
On Tue, 1 Jul 2003, Lucas Albers wrote:
> Have you sent a virus infected zip through your mail server?
> And it detected the virus and blocked the attachment?
I don't use uvscan at home, it's too slow (and I won't give money to NAI).
A client of mine uses it, but I have them set up to get scanned with
File::Scan and clamd on three outside MX hosts, then uvscan on two
inside MX hosts. Nothing with a zip attachment has ever made it to
uvscan.
I'm a member of the clam antivirus signature "team", and I also have
a few ISP clients. I see so many viruses, signatures, e-mails with
infected attachments, and such every day that I can't even remember what
the deal was, but I think that client's MD filter was catching the Sobig.E
attachments before the signature was added. They have a very long,
complicated MD filter...
Running uvscan at the commandline against a Sobig.E sample that I have
does this:
# uvscan --secure \"your_details.zip
/home/jason/viruses/Worm/Sobig.E/"your_details.zip/DETAILS.PIF
Found the W32/Sobig.e at MM virus !!!
I use Pine, which wouldn't let me attach a file with that name (it
doesn't like the quote), but I attached it as yd.zip and set the
client's MD to use only uvscan and it did find Sobig.e at MM in it.
I sent "your_details.zip through my home mail server using nail (my
/bin/mail) and clamd did detect it.
Jason
--
Jason Englander <jason at englanders.cc>
394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA
More information about the MIMEDefang
mailing list