Hi, > is it possible to block ZIPs within ZIPs? > > As far as I understand it amavis unpacks everything an then trys to find out > > if the files are banned or not. > > Since we have seen now some of those crypto trojans that consist of a zip > > within a zip and within some varible executable code which is not allways > properly recognized.
Are you sure this doesn't already work? What's inside the inner zip? Ultimately it's got to be something that's on your existing banned list (.js, .exe, etc..), so I would think it would find that and reject/ban it. Regards, Alex
