New virus
Kevin Miller
Kevin_Miller at CI.JUNEAU.AK.US
Thu Jan 12 19:25:10 GMT 2006
Julian Field wrote:
> Scott Silva wrote:
>
>> Julian Field spake the following on 1/12/2006 6:23 AM:
>>
>>
>>> The filename.rules.conf should by default be trapping *.hta files,
>>> even inside zip files. So it should still be caught by MailScanner,
>>> even without the AV engines.
>>>
>>>
>>>
>> But having Maximum Archive Depth = 0 will prevent MailScanner from
>> catching this in zip files, won't it?
>>
>>
> Yes. That is your choice to use that setting, I don't personally
> advise it.
What are the implications of setting Maximum Archive Depth = 2 (the
default IIRC) and Allow Password-protected Archives = no? Will that
break anything?
The comments indicate that the archive depth should be set to 0 if
disabling password-protected archives. I have a rules file for password
protected archives, but it defaults for no. I like the protection from
the passworded zip virus files, but would also like to insure that I'm
protected on the hta, etc. front.
And if I do set the archive depth back to 2, won't I start putting the
kiebosh on legitimate .exe, and other files that folks zip to get past
the normal attachment checking? Don't know how much of an issue that is
right now but you know how users can get....
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list