0

Is clamAV scanning files insides compressed archive inside emails? I was looking around to found an answer about this question. Somebody wrote that on some ubuntu distribution this is the default behaviour. However many forums says you have to create a custom script in order to uncompress the file before scan all the files within.

MAYBE this feature is included in the latest version of ClamAV, and maybe only Ubuntu distribution is using this version. But not sure about nothing.

Max Cuttins
  • 143
  • 1
  • 7
  • Can you provide versions of your CentOS release, and clamav rpm packages? How do you pass emails to ClamAV? – mvillar Feb 09 '17 at 14:25

2 Answers2

0

You can look at man clamscan to see whether it supports scanning archive files or not. It also shows the default option value. Here is a similar post on askubuntu.

Here is the relevant part from manual from one of my servers:

--scan-archive[=yes(*)/no] Scan archives supported by libclamav. If you turn off this option, the original files will still be scanned, but without unpacking and additional processing.

Community
  • 1
Khaled
  • 36,533
  • 8
  • 72
  • 99
0

By default it does, see ClamAV man file:

--scan-archive[=yes(*)/no]
  Scan archives supported by libclamav. If you turn off this option,
  the original files will still be scanned, but without unpacking and 
  additional processing.

https://linux.die.net/man/1/clamscan

Whether your mail system does it, depends on the configuration of the mail system.

mzhaase
  • 3,798
  • 2
  • 20
  • 32