We have the system set up to successfully scan zip files, but we have had a number of viruses come through in rar files. These are executables so assume they are viruses or malicious.
Can the system be set up to scan rar files too? Or block exes in rars?
Virus delivered in a rar file
- shawniverson
Re: Virus delivered in a rar file
Should be scanning rars already...
In /etc/MailScanner/MailScanner.conf...
Code:
Archives Are = zip rar ole
Code:
Unrar Command = /usr/bin/unrar
Try placing the EICAR test inside a rar file and sending to your EFA...
If it detects, then this part is working.
Next step is to block exe inside of rar somehow....this is tricky because MailScanner unrars and hands off to clamav....clamav doesn't block files just detects viruses...so MailScanner never sees contents of the rar.
Much easier solution is to just block rar files....
In /etc/MailScanner/MailScanner.conf...
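An added example, not part of the thread and not MailScanner's own code: when blocking rar attachments as suggested above, a rule that matches only the `.rar` extension will not catch an archive saved under another name. This Python function checks each attachment's leading bytes against the RAR 4.x and 5.x signatures instead; the sample message, addresses and filenames are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# RAR signatures: 1.5-4.x archives and 5.x archives.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def is_rar(data: bytes) -> bool:
    """True if the payload starts with a RAR 4.x or 5.x signature."""
    return data.startswith(RAR4_MAGIC) or data.startswith(RAR5_MAGIC)


def rar_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of attachments whose content is RAR,
    judged by magic bytes, not by filename or declared MIME type."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        # Multipart attachments decode to None; treat them as empty here.
        payload = part.get_payload(decode=True) or b""
        if is_rar(payload):
            hits.append(part.get_filename() or "(unnamed)")
    return hits


def build_sample() -> bytes:
    """Constructed test message: one rar header under a .pdf name,
    plus one ordinary text attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    # Signature bytes plus padding only; not a complete archive.
    msg.add_attachment(RAR5_MAGIC + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in rar_attachments(build_sample()):
        print("RAR content detected in attachment:", name)
```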