HIPPA password protected zip files

Julian Field MailScanner at ecs.soton.ac.uk
Tue Oct 25 21:58:32 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Glenn Steen wrote:

>
>To add some clarification (or confusion, depending on how you look at
>it:), some AVs might have signatures for specific files, even though
>they don't really decode the files.... But, the main benefit of saying
>"No" to password protected archives is that this is a "proactive
>defense" s where the AV programs mainly are "reactive defenses"....
>The AV signature makers need see the malicious code to be able to make
>signatures for them (yeah, I'm aware of the "new" buzz about heuristic
>scans and sandboxing... won't come into play with a pwd protected
>archive), while saying no will deny any threat posed by allowing it...
>But if you need allow, then yes, do make a ruleset and keep the
>allowed set small (and "numeric";).
>  
>
As most of you probably realise, I am very strongly in favour of 
pro-active protection. It's one of the main differences between 
MailScanner and most of the competition, multiple layers of pro-active 
defence, meaning that it doesn't matter if your AV signatures are a 
little behind while the AV vendors work out their new detection patterns.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ16cfBH2WUcUFbZUEQIDFwCgp5pMsPImx5Q+Dwih0Z/6LjI+0tcAniXx
u5hbeLaZW8jpefnAjs/4oqJ/
=1Bdk
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list