On 2021-11-30 13:35, Nikolaos Milas wrote:
Hello,
On CentOS 8 / amavis 2.12 we are receiving (a significant number of)
incoming mail, each addressed to a large number of people in our org,
each with two virus infected attachments: .lzh and .gz extension.
clamav handle this very well if using foxhole 3dr party signatures
so amavis just reject virus
note you may not have rar unpacker installed, or its just fake mime type
to hide not unpacking, this is propetly known from the malware writer
that amavisd would not try more
imho best option do change amavisd to not be a virus scanner, but use
clamav with 3dr party signatures
keywords 0-day signatures, no more surprises
