Hi,
Has anyone got a way of getting exim 3.36/exiscan/clamav to detect and drop
the encrypted zip files that W32/Bagle.j at MM et al are so fond of using?
So far Ive managed to ascertain that the following will output a capital
letter if a zip file is encrypted:
if zipinfo $Z | grep exe$ | perl -pe's/ +/ /g' | cut -d\ -f5 | cut -b1
So if i had a way to run that on the mail and if the output is between
65 and 90 on the acsii table - drop the mail.
This is as far as I've got, there undoubtedly is a much better way to do
this sort of thing (quarantining all zip attachments isnt an option) but
at the moment Im too busy running stinger.exe on all the people that
have fell for this so far to do any real research on it.
Any pointers would be greatly appreciated.
Cheers
--
Pete
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
