http://sanesecurity.com/usage/signatures/sadly ClamAV on Fedora can't unpack rar-archives and so you should consider reject them in general
[root@mail-gw:~]$ cat postfix/mime_header_checks.cf # Reject Attachment Extensions/^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* = \s*"?(.*?(\.|=2E)(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|rar|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x REJECT Attachment Blocked (Executables And RAR-Files Not Allowed) "$1"
Am 02.01.2015 um 01:57 schrieb Franklin Wang:
Of course, it's wonderful to know more friends with the same hobby. But I wonder to know the answer about it for long. The virus db of clamav may be the same on the several types of platforms, but the commercial softwares maybe not. I copied a result of 'Day0 Summary' from shadowserver.org a few days ago, as following: vendor detected total percent Avira (Windows) 164,659 185,034 88.9885 Comodo (Windows) 115,889 136,109 85.1443 Eset (Windows) 153,248 182,528 83.9586 K7 (Windows) 153,676 185,244 82.9587 Avast (Windows) 147,266 185,226 79.5061 Avast (Linux) 135,715 170,938 79.3943 Symantec (Windows) 141,871 182,075 77.9190 Sunbelt (Windows) 144,019 185,080 77.8145 Eset (Linux) 142,373 183,664 77.5182 BitDefender (Linux) 136,308 179,849 75.7902 BitDefender (Windows) 136,844 184,910 74.0057 AVG (Windows) 125,048 170,394 73.3876 Authentium (Windows) 133,643 185,109 72.1969 Kaspersky (Windows) 104,849 145,413 72.1043 Avira (Linux) 124,587 177,928 70.0210 Authentium (Linux) 121,364 179,559 67.5900 FProt (Windows) 123,574 183,055 67.5065 Ikarus (Windows) 109,977 164,330 66.9245 Ikarus (Linux) 110,824 179,525 61.7318 FProt (Linux) 110,122 180,409 61.0402 Fortinet (Windows) 102,059 172,655 59.1115 Clam (Linux) 104,644 179,285 58.3674 Clam (Windows) 77,253 137,575 56.1534 McAfee (Windows) 100,531 180,003 55.8496 Norman (Windows) 91,194 163,996 55.6075 Lionic (Windows) 93,746 185,134 50.6368 QuickHeal (Windows) 84,592 168,558 50.1857 McAfee (Linux) 73,338 146,264 50.1408 FSecure (Windows) 89,352 181,299 49.2843 AVG (Linux) 89,843 183,814 48.8771 QuickHeal (Linux) 84,423 175,364 48.1416 Sophos (Linux) 66,169 138,320 47.8376 Microsoft (Windows) 76,974 169,284 45.4703 GData (Windows) 80,961 184,597 43.8582 TrendMicro (Windows) 77,177 179,421 43.0145 Sophos (Windows) 69,207 171,143 40.4381 TrendMicro (Linux) 49,049 128,919 38.0464 AhnLab (Windows) 59,945 176,238 34.0137 Panda (Linux) 35,155 117,398 29.9451 Norman (Linux) 26,108 128,670 20.2907 FSecure (Linux) 37,175 184,466 20.1528
Attachment:
signature.asc
Description: OpenPGP digital signature
-- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
