Also, testing here: http://www.emailsecuritycheck.net/index.html

Test 2, which is the eicar executable inside of a zip, gets through (but is
caught by our Exchange servers) - shouldn't Clamd catch this with ASSP_AFC?
DoASSP_AFC is enabled, do both, decompression level set to 12.

Test 5, which is a text file but with a dll extension, gets through too.
ClamAV shouldn't catch this since the text file doesn't contain the
eicar test string, but shouldn't the file extension be enough to block it?
I know that renaming an exe to txt won't let it through, but does renaming
a txt to exe (other way around) allow the file through??




On Sat, Mar 12, 2016 at 2:14 PM, K Post <[email protected]> wrote:

> 2 questions:
>
> 1) I've been doing some ClamAV testing.  It mostly works, but I've also
> seen:
> [VIRUS][scoring] 149.202.232.193 <[email protected]>
> to: [email protected] 'Eicar-Test-Signature' passing the virus
> check because of only suspicious virus 'Eicar'
>
> Is there a way to tell ClamAV or ASSP to reject even suspicious files?
>
>
> 2) I've got Level 1 blocking set using
>
> exe-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh
>
> Everything I've tested is blocked with the exception of DLL files and I
> can't for the life of me figure out why.  Any ideas?
>
> Thanks
> Ken
>
>
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
