HIPAA password protected zip files

Glenn Steen glenn.steen at GMAIL.COM
Tue Oct 25 21:28:16 IST 2005

On 25/10/05, Ed Bruce <ebruce at hpmich.com> wrote:
> Information Services wrote:
> > I can also set it to a path with a ruleset.  I would much rather set a
> > path instead of letting password protected zip files come through
> > unchecked.  From reading the MailScanner.conf file, and other posts,
> > it is not a wise idea to allow password protected zip files, but for
> > some clarity, even if you did allow these files, the antivirus
> > programs used in conjunction with mailscanner should still work
> > properly and notice virus related password protected zips, right?
> >
> No, if by password protected you mean encrypted. There is no way to
> detect a virus in an encrypted file until it is unencrypted, which MS
> can't do.

To add some clarification (or confusion, depending on how you look at
it:), some AVs might have signatures for specific files, even though
they don't really decode the files.... But, the main benefit of saying
"No" to password protected archives is that this is a "proactive
defense", where the AV programs mainly are "reactive defenses"....
The AV signature makers need to see the malicious code to be able to make
signatures for them (yeah, I'm aware of the "new" buzz about heuristic
scans and sandboxing... won't come into play with a pwd protected
archive), while saying no will deny any threat posed by allowing it...
But if you need to allow, then yes, do make a ruleset and keep the
allowed set small (and "numeric";).

> > In either case, what would be the proper format to create a ruleset to
> > allow HIPAA related password protected zip files?
> >
> >
> You have to determine that. I would suggest using the IP address and not
> a domain.
There are some examples in the install, and in the wiki.
And why not take this as a reason to buy the book?-):-)

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
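
The policy discussed in this thread, sketched as an added example (not part of the original post and not MailScanner's own code): a gateway can read the encryption flag in a ZIP header without the password, but not the contents, so the only choices are block or deliver unscanned for a small numeric allowlist. The function names, the sample archive (flag set, payload not really encrypted) and the documentation-range IP addresses are constructed for illustration.

```python
import io
import ipaddress
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag field

def make_sample_zip(encrypted: bool) -> bytes:
    """Constructed one-member archive; optionally mark it as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("report.txt", b"constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits at +6 in the local header, +8 in the central directory.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig) + off
            (flags,) = struct.unpack_from("<H", data, pos)
            struct.pack_into("<H", data, pos, flags | ENCRYPTED_FLAG)
    return bytes(data)

def encrypted_members(blob: bytes) -> list[str]:
    """Names of members whose header says they are password protected."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]

def decide(blob: bytes, client_ip: str, allowed: list[str]) -> str:
    """Return 'scan', 'block' or 'deliver-unscanned' for one attachment."""
    if not encrypted_members(blob):
        return "scan"  # contents are readable, hand them to the AV engines
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in allowed):
        return "deliver-unscanned"  # trusted sender, but nothing was inspected
    return "block"  # default: refuse what cannot be scanned

# Constructed allowlist: keyed on the sending IP address, kept small.
ALLOWED = ["192.0.2.10/32"]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, decide(make_sample_zip(True), ip, ALLOWED))
```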
