1 Topic by jlcmux

  • jlcmux
  • Member
  • Offline
  • Registered: 2014-11-17
  • Posts: 16

Topic: Malware - My new photo

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

Hello.

My clients receive always an email with the subjet ".my new photo" or "mi nueva foto" from "Angelina".  with foto.zip... this zip contain .exe.   

i've tried to block the domain and ip but the domain and ip always change.

do you know how to fix this problem?

thank you.!!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by answerman

  • answerman
  • Member
  • Offline
  • Registered: 2011-01-07
  • Posts: 69

Re: Malware - My new photo

Use Amavisd to block attachments containing *.exe's.

3 Reply by jlcmux

  • jlcmux
  • Member
  • Offline
  • Registered: 2014-11-17
  • Posts: 16

Re: Malware - My new photo

answerman wrote:

Use Amavisd to block attachments containing *.exe's.


yes but the .exe is contained in the .zip files..  i cant block de .zip files. sad


other idea?

4 Reply by hdco

  • hdco
  • Member
  • Offline
  • From: Vancouver, BC
  • Registered: 2014-10-02
  • Posts: 44

Re: Malware - My new photo

Your amavisd settings could be too generous... Can you post the X-Spam-* headers of an offending message?

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Malware - My new photo

Amavisd will extract compressed files automatically.

6 Reply by hdco

  • hdco
  • Member
  • Offline
  • From: Vancouver, BC
  • Registered: 2014-10-02
  • Posts: 44

Re: Malware - My new photo

ZhangHuangbin wrote:

Amavisd will extract compressed files automatically.

That's good to know, thanks.