Cоздаём файл в /var/db/clamav/archive.zmd c содержимым:
Block.EXE-zip:0:\.exe$:*:*:*:*:*:*
Block.COM-zip:0:\.com$:*:*:*:*:*:*
Block.JS-zip:0:\.JS$:*:*:*:*:*:*
Перегружаем clamd.
Описание формата строки:
The (now obsolete) archive metadata signatures can be only applied to ZIP and RAR files and have the following format:
virname:encrypted:filename:normal size:csize:crc32:cmethod:fileno:max depth
where the corresponding fields are:
• Virus name
• Encryption flag (1 – encrypted, 0 – not encrypted)
• File name (this is a regular expression - * to ignore)
• Normal (uncompressed) size (* to ignore)
• Compressed size (* to ignore)
• CRC32 (* to ignore)
• Compression method (* to ignore)
• File position in archive (* to ignore)
• Maximum number of nested archives (* to ignore)
The database file should have the extension of .zmd or .rmd for zip or rar metadata
respectively.
Комментариев нет:
Отправить комментарий