Virus delivered in a rar file
Posted: 01 Oct 2014 14:55
by mikemachin
We have the system set up to successfully scan zip files, but we have had a number of viruses come through in rar files. These are executables so assume they are viruses or malicious.
Can the system be set up to scan rar files too? Or block exes in rars?
Re: Virus delivered in a rar file
Posted: 01 Oct 2014 21:44
by shawniverson
Should be scanning rars already...
In /etc/MailScanner/MailScanner.conf...
Try placing the EICAR test inside a rar file and sending to your EFA...
If it detects, then this part is working.
Next step is to block exe inside of rar somehow....this is tricky because MailScanner unrars and hands off to clamav....clamav doesn't block files just detects viruses...so MailScanner never sees contents of the rar.
Much easier solution is to just block rar files....
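
The "just block rar files" option from the reply above, as an added example that is not part of the original thread and is not MailScanner code: a stand-alone Python check that flags RAR attachments by their magic bytes as well as by extension, so a renamed archive is still caught. The function names and the sample message are constructed for illustration.

```python
import email
from email.message import EmailMessage

# RAR file signatures: RAR 1.5-4.x and RAR 5.x archives start with these bytes.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")


def is_rar(payload, filename):
    """True if the attachment is a RAR archive by content or by name."""
    return payload.startswith(RAR_MAGICS) or filename.lower().endswith(".rar")


def rar_attachments(raw_message):
    """Return the names of all leaf MIME parts that look like RAR archives."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        name = part.get_filename() or ""
        if is_rar(payload, name):
            hits.append(name or "(unnamed)")
    return hits


def build_sample():
    """Constructed test message: one renamed RAR, one .rar, one harmless file."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachments")
    attachments = [
        ("invoice.pdf", RAR_MAGICS[1] + b"\x00" * 16),  # RAR5 header, renamed
        ("photos.rar", b"placeholder bytes"),           # caught by extension
        ("notes.txt", b"plain text"),                   # not an archive
    ]
    for name, data in attachments:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    for name in rar_attachments(build_sample()):
        print("would block:", name)
```

A self-extracting RAR begins with an executable header rather than the RAR signature, so it falls under the executable-attachment rules instead of this check.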