Blocking extensions inside of zip files

Dustin Baer dustin.baer at IHS.COM
Tue Jan 27 00:26:52 GMT 2004


Tristan Rhodes wrote:
>
> At work we use another antivirus solution (not my decision), and we have been manually adding the infected .zip files to our blocked attachment list.  We don't want to block all .zip files, and the virus definitions haven't been updated yet (or we haven't downloaded them yet.  Again not my decision).  So this is our best solution, blocking by filename.
>
> file.zip
> document.zip
> body.zip
> * more may be added as we see them

USERTRAN.zip
cflxzts.zip
data.zip
doc.zip
fidnm.zip
jqjdjk.zip
jxbyvq.zip
message.zip
readme.zip
test.zip
text.zip
vkfyysw.zip

> Here is an idea for discussion... How about a filename check inside of
> zip files?  Similar to the current filename checks, only it also looks
> inside .zip files a certain depth of directories (or zip files).   If the
> .zip file continues too deep, then block the attachment.  Of course, if
> the virus scanners are currently used to expand zip files, then it would
> not make sense for MailScanner to do this.
>
> Tristan Rhodes

This is something that might be extremely worthwhile, considering how
fast this one spread using a zip file for "passage."

Dustin
--
Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836
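
The check proposed in this thread, sketched as an added example; it is not MailScanner code and not from either poster. It matches member filenames inside a zip attachment against a blocked-extension list, opens nested zips up to a fixed depth, and blocks anything nested deeper or not inspectable. The names check_zip, make_zip, BLOCKED_EXTENSIONS, MAX_DEPTH and MAX_INNER_BYTES and their values are assumptions for illustration.

```python
import io
import zipfile

# Assumed policy for illustration; these are not MailScanner settings.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
MAX_DEPTH = 2                  # nested zip levels opened before blocking
MAX_INNER_BYTES = 10_000_000   # cap on a nested zip's declared uncompressed size


def check_zip(data, path="attachment.zip", depth=0):
    """Return (allowed, reason) for a zip attachment supplied as bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                member = f"{path}/{info.filename}"
                # Normalise case and trailing dots/spaces before matching.
                name = info.filename.lower().rstrip(". ")
                if name.endswith(BLOCKED_EXTENSIONS):
                    return False, f"{member}: blocked extension"
                if not name.endswith(".zip"):
                    continue
                # Nested archive: block rather than skip when it cannot be opened.
                if depth + 1 > MAX_DEPTH:
                    return False, f"{member}: nested deeper than {MAX_DEPTH} levels"
                if info.flag_bits & 0x1 or info.file_size > MAX_INNER_BYTES:
                    return False, f"{member}: encrypted or oversized nested zip"
                allowed, reason = check_zip(archive.read(info), member, depth + 1)
                if not allowed:
                    return False, reason
    except zipfile.BadZipFile:
        return False, f"{path}: not a readable zip file"
    return True, "no blocked filenames found"


def make_zip(members):
    """Build a zip in memory from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a clean zip, and a blocked name inside a nested zip.
    clean = make_zip({"notes/readme.txt": b"hello"})
    nested = make_zip({"inner.zip": make_zip({"document.txt.scr": b"x"})})
    print(check_zip(clean))
    print(check_zip(nested))
```

Because the check reads only member names, it works regardless of whether virus definitions are current, which is the gap the filename blocklist above was filling.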


