Executable file (virus, attached) slipping through

[ron]

Hi

attached is an infected file that managed to pass the gateway and was detected/qurantined by smsmse 6.5. over the past few days, there have been a few incidents like this one. can you spot the difference between this file and other executables that are usualy blocked at the gateway level?

 

[tom]

thanks for reporting, I submitted the file to the clamav maintainers for analysis.

 

[ron]

Hi Tom,

more and more viruses are passing through the gateway (which is healthy and up to date).
I am not sure at all that this is a CLAM issue - even if the files weren't viruses - they are still executables inside an un-encrypted zip file, and should have been blocked ('Dangerous Content' rules are at their default)...

 

[tom]

I just sent all file through our testenvironment, all viruses gets detected by Avira SAV, but only three by ClamAV. so make sure your clamav is updating (check via web interface) and consider the second AV scanning engine.

Dangerous Content (default rule):
this rule does not block exe files inside zip

 

[ron]

Dangerous Content (default rule):
this rule does not block exe files inside zip

Is there a way to enable such filtering, regardless of whether the .exe is a virus or not?

 

[tom]

no.

 

[Rene Chirivi]

 

[Francesco M. Taurino]

Clamav with additional signatures give much better results. See my post in this forum

 

[tom]

Why do you filter ransomware only during office hours?