[quote user="Thomas R. Stephenson"]<div>What you really need to do is have your Pegasus Mail users use the Virscan extension to scan the file when opened with your a-v program of choice.</div><p>[/quote]</p><p>I agree that Virscan, where practical, is the way to go.  </p><p> The caveats:  Some command line scanners are slow and/or intrusiveness.  This can be tolerated in low email environments or in environments where attachments are the exception but in environments where attachments are routine the attachment scanning can be a productivity killer.  Some command line scanners are not designed to scan a single file so will not work with Virscan.  Vipre has one of those.   </p>

<P>==== </P> <P> sorry, should have been posted in Mercury forums</P> <P>====</P> <P mce_keep="true"> </P> <P>Hi,</P> <P> I'd like to configure ClamWall to ban e-mails with ZIP files that contain EXE files (or other dangerous file types).</P> <P>Any tips on how to do that?</P> <P>Thanks</P> <P>Ron</P>

<p>In mercury </p><p>click on "Configuration"</p><p>Click on "Clamwall"</p><p>Click the "basic settings" tab</p><p>enter in all the extensions you want banned.</p><p>These are the ones i have entered.</p><p>ADE,ADP,ASP,BAS,BAT,CHM,CMD,COM,CPL,CRT,EXE,HLP,HTA,INF,INS,ISP,JSE,MSC,MSI,MSP,MST,PCD,SCT,SHB,SHS,VB,VBE,WS,VBS,PIF,SCR,REG,SHS,WS,WSC,WSF,WSH </p>

<p>Clamwall doesn't appear to look at the extensions of files inside of .zip attachments.  I have .exe as a banned extension but .exe's inside of .zip attachments are getting through.</p><p>I had a recent infection which was the result of a user running a .exe from inside of a .zip.  It got past ClamAV so either the virus def for ClamAV was inadequate or ClamAV isn't checking .zip attachments.  I can't exclusively fault ClamAV though.  I have Vipre for local protection and it didn't detect until after the infection had taken over the PC. </p>

<div>> Clamwall doesn't appear to look at the extensions of files inside of</div><div>> .zip attachments.  I have .exe as a banned extension but .exe's inside</div><div>> of .zip attachments are getting through. </div><div>></div><div>> I had a recent infection which was the result of a user running a .exe</div><div>> from inside of a .zip.  It got past ClamAV so either the virus def for</div><div>> ClamAV was inadequate or ClamAV isn't checking .zip attachments.  I</div><div>> can't exclusively fault ClamAV though.  I have Vipre for local</div><div>> protection and it didn't detect until after the infection had taken</div><div>> over the PC. </div><div> </div><div>One of the problem with this is that sending of an EXE file in a zipped file is about the only way you can send a program anymore.  If your anti-virus system blocked the programs in a ZIP archive you'd never get any valid programs sent as an attachment. You can of course block all ZIP files and then the postmaster can handle this but that would be a real pain in the rear.  </div><div> </div><div>What you really need to do is have your Pegasus Mail users use the Virscan extension to scan the file when opened with your a-v program of choice.</div><div> </div><div>Name of Program: VIRSCAN: Virus Scanning Extension for Pegasus Mail </div><div> </div><div>Location/Filename <URL:mailto:irelam@telus.net?Subject=send_virscan> </div><div><URL:http://www3.telus.net/public/irelam/> </div><div> </div><div>Author/email contact: Martin Ireland <irelam@telus.net> </div><div> </div><div>Status: Freeware </div><div> </div><div>Documentation: Included in zip file.</div><div> </div><div>Features: Extension to invoke virus scanning program of user choice when Pegasus Mail saves or views mail message attachments. </div><div> </div><div>Defaults to NAI's VirusScan engine. Multi-language support included.  </div><div> </div><div> </div><div> </div>