[Postfixbuch-users] Frage zu AV-Scanning
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Mo Aug 15 23:34:52 CEST 2005
* Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:
> * Torsten Ermlich <linux-user at gmx.com>:
>
> > Test #24: (Non-Virus):
>
> Kein Virus
>
> > Attachment with a CLSID extension which may hide the real file
> > extension. <B>This does not include the EICAR virus</B>, however your
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> > mail server should still block this since the CLSID technique can be
> > used to hide the true extension of a malicious file. ***
>
> Wo nix ist, kann der Scanner nix finden.
Allerdings in /etc/amavisd.conf:
$banned_filename_re = new_RE(
...
# qr'[{}]', # curly braces in names (serve as Class ID extensions - CLSID)
einkommentieren sollte helfen...
--
Ralf Hildebrandt (Ralf.Hildebrandt at charite.de) spamtrap at charite.de
http://www.postfix-book.com/ Tel. +49 (0)30-450 570-155
Real programmers never work 9 to 5. If any real programmers are around
at 9 am, it's because they were up all night.
Mehr Informationen über die Mailingliste Postfixbuch-users