[rescue] Re: NetApps

Phil Stracchino alaric at caerllewys.net
Thu Apr 8 13:18:04 CDT 2004

On Thu, Apr 08, 2004 at 01:30:28PM -0400, Kevin wrote:
> We do SCAN all incoming emails, once with clamav at my email
> gateway and then again with Norton A/V for Exchange.  Neither of
> which can scan password protected ZIP files.  There are virii
> that send themselves out inside of password protected ZIP files. 
> The password is written inside the message body of the email and
> it instructs the user how to unzip it.  Now it is unbelievable
> that some moron user would actually DO what the email tells him
> to, but that is NOT my fault, and blocking ZIP files is the best
> way we know of to get around this if we are relegated to using MS
> OSes in the first place.

True, and I wasn't aware of the password-protected-zip-virus trick.
Surely, then, the preferred method would be to block zip attachments by
filetype, not by extension?

Another, more sophisticated, approach also suggests itself:  Scan all
file attachments.  Discard all infected attachments.  Assume that any
attachment which cannot be scanned is infected, and discard it too.

How about that?

 .*********  Fight Back!  It may not be just YOUR life at risk.  *********.
 : phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
 :  alaric at caerllewys.net|phil-stracchino at earthlink.net|phil at novylen.net  :
 :   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)   :
 :    Linux Now!   ...Because friends don't let friends use Microsoft.    :

More information about the rescue mailing list