I'm running ZCS Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 FOSS edition and so far everything is working pretty well. After a migration from 7.2.0 using ZeXtras I recreated my Virus Quarantine account and Amavis is blocking delivery of viruses every day. However, I've been noticing that we are receiving emails that are Spoofed from Efax, ADP, Xerox, and other entities that contain small ~100k .zip files which when unzipped in a sandbox environment are either a virus or malware.
Many times Zimbra will mark these as Spam and move them to the Junk folder for the users, but there are times where users are opening up the file attachments and infecting workstations.
Is there a way to block these small zip files by writing a custom rule or is there some sort of option in Zimbra to increase the effectiveness of Amavis/Clam?
So far it's not a major problem, but even with desktop AV/AS software installed to protect the workstations I'd still like to eradicate any potential malware/viral payloads.
Any suggestions guys?