Stupid answer from McAfee...
Denis Beauchemin
Denis.Beauchemin at USHERBROOKE.CA
Thu Mar 4 03:33:17 GMT 2004
Hello all,
Our security officer contacted McAfee to let them know about our
detection problems with password-protected zip files.
Here is their answer:
The reason this is happening is because the archive file when sent is encrypted as a password protected file. In order for the desktop/server products to detect these virus's the end-user would need to launch the .ZIP, manually enter in the password and at that point when the EXE is written to the local disk a detection would occur. The Perimeter products and Stinger scan at a top level in which these detection's are taking place because of a generic detection from the signature of the archive itself. The command line scanner is not able to open the file without firt providing the password.
In other words, they say it is a technical problem that prevents their command-line utility to detect password-protected zip files, but they also say that their small cleaning program (Stinger) and their email scanning software are able to detect them!
Looks like they want to restrict this capability to some of their products... a very bad decision!!!
Denis
More information about the MailScanner
mailing list