Blocking extensions inside of zip files

Dustin Baer dustin.baer at IHS.COM
Tue Jan 27 00:26:52 GMT 2004

Tristan Rhodes wrote:
> At work we use another antivirus solution (not my decision), and we have been manually adding the infected .zip files to our blocked attachment list.  We don't want to block all .zip files, and the virus definitions haven't been updated yet (or we haven't downloaded them yet.  Again not my decision).  So this is our best solution, blocking by filename.
> * more may be added as we see them

> Here is an idea for discussion... How about a filename check inside of
> zip files?  Similar to the current filename checks, only it also looks
> inside .zip files a certain depth of directories (or zip files).   If the
> .zip file continues too deep, then block the attachment.  Of course, if
> the virus scanners are currently used to expand zip files, then it would
> not make sense for MailScanner to do this.
> Tristan Rhodes

This is something that might be extremely worthwhile, considering how
fast this one spread using a zip file for "passage."

Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112

More information about the MailScanner mailing list