Password protected rar file
Peter Bonivart
peter at UCGBOOK.COM
Fri Jun 25 15:47:54 IST 2004
Vinayakam Murugan wrote:
> A password protected rar file containing a virus executable was received
> undetected. I tried running clamscan (ver 0.67) manually but it gives a
> segmentation fault. Anybody faced this problem before? Any ideas as to what I
> can try.
You can't scan encrypted archives. You can make signatures for known
virus archives in their encrypted form but it's a battle you can't win.
Since rar-files never carry anything but viruses and/or pirated software
you should block all of them and get rid of the problem. I allow normal
zips (since they can be scanned) and block encrypted zips (since they
can't be scanned). Rar-files I just block regardless of encrypted or
not. No complaints.
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.31.6,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.73 + GMP 4.1.2, Vispan 1.4
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list