[Rspamd-Users] Avast Antivirus

Carsten Rosenberg cr at ncxs.de
Fri Feb 7 08:16:32 UTC 2020


nearly every AV scanner has an option to detect and report encrypted
files. Even with ClamAV. Rspamd sets an extra *_ENCRYPTED symbol for
known encrypted patterns.

But MIME_ENCRYPTED_ARCHIVE is the easier solution ;)


On 07.02.20 09:08, Carsten Strotmann wrote:
> Hi,
> On 7 Feb 2020, at 6:34, Durga Prasad Malyala wrote:
>> One important note.  I've used it before with mailscanner and found that
>> only avast blocks encrypted password protected archives being sent through
>> mail.
>> Is that behavior seen here by anyone?
> I just tested sending an encrypted password protected ZIP file through my mail system (with RSpamd and AVAST), and it was not blocked (as I expected).
> However if you want to block encrypted attachments, RSpamd detects encrypted MIME attachments and sets the symbol "MIME_ENCRYPTED_ARCHIVE". You can set the score on this Symbol or filter based on the "X-Spamd-Result" Header later in your mail pipeline (for example in Postfix with "milter_header_checks").
> Greetings
> Carsten

More information about the Users mailing list