[Rspamd-Users] Avast Antivirus
Carsten Rosenberg
cr at ncxs.de
Fri Feb 7 08:16:32 UTC 2020
Hi,
nearly every AV scanner has an option to detect and report encrypted
files. Even with ClamAV. Rspamd sets an extra *_ENCRYPTED symbol for
known encrypted patterns.
But MIME_ENCRYPTED_ARCHIVE is the easier solution ;)
--
Carsten
On 07.02.20 09:08, Carsten Strotmann wrote:
> Hi,
>
> On 7 Feb 2020, at 6:34, Durga Prasad Malyala wrote:
>
>> One important note. I've used it before with mailscanner and found that
>> only avast blocks encrypted password protected archives being sent through
>> mail.
>> Is that behavior seen here by anyone?
>
> I just tested sending an encrypted password protected ZIP file through my mail system (with RSpamd and AVAST), and it was not blocked (as I expected).
>
> However if you want to block encrypted attachments, RSpamd detects encrypted MIME attachments and sets the symbol "MIME_ENCRYPTED_ARCHIVE". You can set the score on this Symbol or filter based on the "X-Spamd-Result" Header later in your mail pipeline (for example in Postfix with "milter_header_checks").
>
> Greetings
>
> Carsten
>
>
More information about the Users
mailing list