[Postfixbuch-users] Frage zu AV-Scanning

Ralf Hildebrandt Ralf.Hildebrandt at charite.de
Mo Aug 15 23:34:52 CEST 2005


* Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:
> * Torsten Ermlich <linux-user at gmx.com>:
> 
> > Test #24: (Non-Virus): 
> 
> Kein Virus
> 
> > Attachment with a CLSID extension which may hide the real file
> > extension.  <B>This does not include the EICAR virus</B>, however your
>                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 		 
> > mail server should still block this since the CLSID technique can be
> > used to hide the true extension of a malicious file. ***
> 
> Wo nix ist, kann der Scanner nix finden.

Allerdings in /etc/amavisd.conf:

$banned_filename_re = new_RE(
...
    # qr'[{}]',      # curly braces in names (serve as Class ID extensions - CLSID)

einkommentieren sollte helfen...

-- 
Ralf Hildebrandt (Ralf.Hildebrandt at charite.de)          spamtrap at charite.de
http://www.postfix-book.com/                     Tel. +49 (0)30-450 570-155
Real programmers never work 9 to 5. If any real programmers are around
at 9 am, it's because they were up all night. 



Mehr Informationen über die Mailingliste Postfixbuch-users