Encrypted, delivered anyway

Mark Nienberg mark at TIPPINGMAR.COM
Thu Mar 25 21:45:46 GMT 2004


One of my users sent a password-protected Excel file to another one of my users. It
was delivered even though Sophos complained about it.  The log entries follow:

Mar 24 13:51:59 gingham sendmail[22190]: i2OLpxP22190:
from=<pam at tippingmar.com>, size=23029, class=0, nrcpts=1,
msgid=<4061927E.9361.123071B at localhost>, proto=ESMTP,
daemon=MTA, relay=Ath2100-1.tippingmar.com [192.168.254.53]

Mar 24 13:52:06 gingham MailScanner[20574]: New Batch: Scanning 1 messages,
23484 bytes
Mar 24 13:52:06 gingham MailScanner[20574]: Spam Checks: Starting
Mar 24 13:52:06 gingham MailScanner[20574]: Virus and Content Scanning: Starting

Mar 24 13:52:06 gingham MailScanner[20574]: ERROR:: File was encrypted (530):: .
/i2OLpxP22190/secret.xls

Mar 24 13:52:07 gingham MailScanner[20574]: Virus Scanning: SophosSAVI
found 1 infections

Mar 24 13:52:07 gingham MailScanner[20574]: Virus Scanning: Found 1 viruses
Mar 24 13:52:07 gingham MailScanner[20574]: Uninfected: Delivered 1 messages

Mar 24 13:52:07 gingham sendmail[22197]: i2OLpxP22190: to=<steve>,
ctladdr=<pam at tippingmar.com> (517/517), delay=00:00:08, xdelay=00:00:00,
mailer=local, pri=143029, dsn=2.0.0, stat=Sent

So I'm wondering, now that we are protected against password-protected zip files, do
we have to start worrying about password-protected Office files? After all, there could
be a macro virus in that document.

On a related note, see my post from Mar 23 entitled "Corrupted, delivered anyway."
Is this just a problem with the SAVI method of running Sophos?
--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave, Berkeley, CA  94704
visit our website at http://www.tippingmar.com
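
An added example, not part of the original post: a log check that correlates MailScanner's "File was encrypted" error with a later sendmail `stat=Sent` record for the same queue ID, which is the pattern in the log above. The first three sample lines are the post's own entries with the mail-client wrapping rejoined (assuming the path reads `./<queue-id>/<file>`); the remaining lines, the function name and the regexes are constructed for illustration.

```python
import re

# Scanner error for an encrypted attachment; the path carries the sendmail queue ID.
ENCRYPTED = re.compile(
    r"MailScanner\[\d+\]: ERROR:: File was encrypted \(\d+\):: \./(?P<qid>\w+)/(?P<file>\S+)")
# sendmail delivery record for a queue ID.
DELIVERED = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<rcpt>[^,]+),.*\bstat=Sent\b")


def encrypted_but_delivered(lines):
    """Return (queue_id, filename, recipient) for every message the scanner
    flagged as encrypted and sendmail afterwards reported as delivered."""
    flagged = {}  # queue ID -> name of the encrypted attachment
    hits = []
    for line in lines:
        m = ENCRYPTED.search(line)
        if m:
            flagged[m["qid"]] = m["file"]
            continue
        m = DELIVERED.search(line)
        if m and m["qid"] in flagged:
            hits.append((m["qid"], flagged[m["qid"]], m["rcpt"]))
    return hits


SAMPLE = [
    # From the post, wrapped lines rejoined.
    "Mar 24 13:52:06 gingham MailScanner[20574]: ERROR:: File was encrypted (530):: ./i2OLpxP22190/secret.xls",
    "Mar 24 13:52:07 gingham MailScanner[20574]: Uninfected: Delivered 1 messages",
    "Mar 24 13:52:07 gingham sendmail[22197]: i2OLpxP22190: to=<steve>, mailer=local, dsn=2.0.0, stat=Sent",
    # Constructed: encrypted attachment with no delivery record (held back).
    "Mar 24 14:02:11 gingham MailScanner[20574]: ERROR:: File was encrypted (530):: ./i2OM0aQ22301/report.xls",
    # Constructed: ordinary delivery with no scanner error.
    "Mar 24 14:05:40 gingham sendmail[22310]: i2OM1bR22310: to=<steve>, mailer=local, dsn=2.0.0, stat=Sent",
]

if __name__ == "__main__":
    for qid, name, rcpt in encrypted_but_delivered(SAMPLE):
        print(f"{qid}: encrypted attachment {name} delivered to {rcpt}")
```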


