Attachments - packed files

Simon Dick simon at ADVANTAGE-INTERACTIVE.COM
Mon Mar 3 20:02:11 GMT 2003


On Mon, 2003-03-03 at 19:16, Julian Field wrote:
> At 17:47 03/03/2003, you wrote:
> >Julian Field <mailscanner at ECS.SOTON.AC.UK> wrote ..
> > > At 15:37 03/03/2003, you wrote:
> > > >         I want to just make sure that MailScanner doesn't unpack
> > > >attachments with a corresponding external program. Why am I asking?
> > > >Some antivirus scanners aren't perfect and I want to unpack all the
> > > >compressed attachments for them and then let them scan the unpacked
> > > >files. Has anybody written such hack or his own antivirus wrapper?
> > >
> > > All the decent anti-virus programs unpack every common archive format
> > > already. If your scanning engine doesn't unpack archives, then I suggest
> > > you buy a better one :-)
> > > You are quite correct, MailScanner doesn't unpack archives (as it doesn't
> > > need to).
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> >
> >To be honest, even those decent antivirus programs aren't perfect.
> >The majority of the programs are black boxes, you just believe that
> >it works. MailScanner is a nice program and maybe it would be nice
> >to have a separate layer for unpacking, where you can control for
> >example the nesting depth and prevent various DoS attacks.
>
> MailScanner is already protected against this type of DoS attack. The
> famous "zip of death" causes no problem at all.

Until you get to the virus scanners checking it, I've tried that 42.zip
file with my install of mailscanner (not the latest version now, but it
was at the time) and both f-prot and clamav used most of the cpu time.
Shame there's no way to detect the zip file before passing it through :|

--
Simon Dick <simon at advantage-interactive.com>



More information about the MailScanner mailing list