[Mimedefang] Blocking binaries by file content

Kenneth Porter shiva at sewingwitch.com
Wed Sep 22 20:10:29 EDT 2021

I'm already running ClamAV and I block on file extensions. Is there any way 
to recognize executables by content and block them? I just saw this article 
on a coming attack vector through Windows Subsystem for Linux (WSL) in 
which the payload is an ELF binary that then downloads and spawns a Windows 


The hard part would be defining "executable" but that could be extensible.

More information about the MIMEDefang mailing list