This is a big potential problem at the moment for one of my clients (Release 5.0.6_GA_2313.RHEL4_20080522102400 CentOS4 FOSS edition) which is receiving lots of the 'Fedex' virus emails.
The emails have an attachment called fedex_mNNNN.zip which contains a file called fedex_mNNNN.exe. Currently, ClamAV is not detecting this as a virus but TrendMicro's OfficeScan on the PCs are catching it.
So, even though Zimbra is configured to block .EXE attachments, this .exe is getting through.
I've blocked .zip files for the moment - and probably for the longer term until the blocking of attachment types can be extended to those within archive files. |