Password protected Zip archives

Mike Brudenell pmb1 at YORK.AC.UK
Mon Mar 22 17:09:02 GMT 2004


Greetings -

I'm not sure if my message of last Thursday went out to the list: I got an
unexpected duplicate of my posting and didn't hear/see any replies go by...


Having just upgraded to MailScanner 4.29-3 I've been trying to get my head
around how the various directives in MailScanner.conf interact with regard
to password-protected Zip archives.  Although the comments in the file are
extensive I'm afraid I'm still confused...


We use
    Silent Viruses = HTML-IFrame All-Viruses HTML-Codebase
and I understand from the comment that the "All-Viruses" keyword implicitly
includes the "Zip-Password" keyword.

The other relevant settings are as follows:
    Still Deliver Silent Viruses = no
    Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/
    Allow Password-Protected Archives = yes


From the comments for "Silent Viruses" I understand that when a
password-protected Zip archive is sent:

    Having "Zip-Password" (albeit implicitly as we are using "All-Viruses")
    in the "Silent Viruses" directive means that:

        *  The sender is not notified (because Silent Viruses lists
           "Zip-Password" and Non-Forging Viruses does not);

        *  No attempt at disinfection is made, although the message is
           'cleaned' by having its problematic attachments removed;

        *  The intended recipient will NOT receive the message (because
           Still Deliver Silent Viruses is set to "no").

So where does "Allow Password-Protected Archives" fit into this?

Does having this set to "yes" allow such through, even with the
"All-Viruses" keyword listed in "Silent Viruses"?

I'm trying to set things up so that all *viruses* are treated as being
'silent' *BUT* that password-protected Zip archives *are* allowed through.
This combination seems to be precluded by having
    Silent Viruses = All-Viruses
imply "Zip-Password" as well?

Help?  Please?  :-}



Finally one small comment about the comment for "Allow Password-Protected
Archives", which reads:

    # Should archives which contain any password-protected files be allowed?
    # Leaving this set to "no" is a good way of protecting against all the
    # protected zip files used by viruses at the moment.

Does it really mean this? (ie, controlling whether ARCHIVES which CONTAIN
password-protected files are affected?)  Or does it really mean that it
controls whether PASSWORD-PROTECTED ARCHIVES are affected?


Cheers,

Mike B-)

--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
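
Added example, not part of the original post and not MailScanner's own code: a small Python check that parses the four directives quoted above and flags the combination the post asks about, so it can be reviewed before deployment. The function names and finding codes are hypothetical, and the rule that "All-Viruses" implies "Zip-Password" is taken from the post's reading of the config comments, not verified against MailScanner itself.

```python
import re

# Constructed sample: the four directives quoted in the post.
SAMPLE_CONF = """\
Silent Viruses = HTML-IFrame All-Viruses HTML-Codebase
Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/
Allow Password-Protected Archives = yes
"""

def parse_conf(text):
    """Map lower-cased directive names to values; skip comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        conf[re.sub(r"\s+", " ", name.strip()).lower()] = value.strip()
    return conf

def audit_zip_password(conf):
    """Return {finding_code: explanation} for password-protected archives."""
    silent = conf.get("silent viruses", "").lower().split()
    non_forging = conf.get("non-forging viruses", "").lower().split()
    allow = conf.get("allow password-protected archives", "").lower() == "yes"
    deliver = conf.get("still deliver silent viruses", "").lower() == "yes"
    if "zip-password" in silent:
        how = "explicit"
    elif "all-viruses" in silent:
        how = "implicit"  # assumption: taken from the post, not from MailScanner
    else:
        how = None
    findings = {}
    if how and "zip-password" not in non_forging:
        findings["zip-password-silent"] = (
            f"Zip-Password is treated as silent ({how}); sender is not notified")
        if not deliver:
            findings["recipient-dropped"] = (
                "if a Zip-Password report is raised, the recipient gets no message")
        if allow:
            findings["allow-vs-silent"] = (
                "archives are allowed but Zip-Password is silent; "
                "confirm which directive takes effect on this version")
    return findings

if __name__ == "__main__":
    for code, text in audit_zip_password(parse_conf(SAMPLE_CONF)).items():
        print(f"{code}: {text}")
```
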


