Password Protected .rar files
Drew Marshall
drew at technologytiger.net
Sat Apr 28 10:24:33 IST 2007
Hi all
One of my clients has recently been sent a password protected rar
file. The body of the mail is a gif image which uses social
engineering (based on the user having a virus and the attached file
has the miracle cure) to open this file.
This went sailing through MailScanner, passed F-Prot, Clam &
Bitdefender and passed the option to not allow password protected
archive files. I have checked my path to unrar, which is fine and all
the other parameters are all ok too.
First question: Anyone else seen these?
Second: Are they being stopped by anything (Messagelabs detected this
as a virus, hence my concern)?
Finally: Shouldn't MailScanner have stopped this or is it only
password protected zip files that it stops (and in turn shouldn't
this be extended to cover all unscannable files?)
I have blocked all rar files now in the file type rules until I can
get to the bottom of this. I have also sent a copy to the nice folks
at ClamAV for good measure.
Regards
Drew
--
In line with our policy, this message has been scanned
for viruses and dangerous content by the Technology Tiger MailScanner.
Further information can be found at www.technologytiger.net/policy
Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ
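
Added example, not part of the original post and not MailScanner's code: one way a mail filter could flag a password-protected RAR attachment by reading the block header flags directly instead of relying on an unpacker. It assumes the RAR 1.5-4.x block layout; the function names and the sample archives are constructed for illustration.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
MAIN_HEAD, FILE_HEAD, END_HEAD = 0x73, 0x74, 0x7B
MHD_PASSWORD = 0x0080  # main header: all following block headers are encrypted
LHD_PASSWORD = 0x0004  # file header: this member's data is encrypted
LHD_LARGE = 0x0100     # file header: 64-bit sizes, HIGH_PACK_SIZE at offset 32
LONG_BLOCK = 0x8000    # a 4-byte ADD_SIZE at offset 7 gives the data length

def rar4_encryption(data):
    """Classify a RAR 1.5-4.x archive without unpacking it (CRCs not checked)."""
    if not data.startswith(RAR4_MAGIC):
        return "not-rar4"
    pos = len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            return "malformed"  # treat as unscannable, same policy as encrypted
        if htype == MAIN_HEAD and flags & MHD_PASSWORD:
            return "encrypted-headers"  # even the member list is unreadable
        if htype == FILE_HEAD and flags & LHD_PASSWORD:
            return "encrypted-files"
        if htype == END_HEAD:
            break
        add = 0
        if flags & LONG_BLOCK and pos + 11 <= len(data):
            add = struct.unpack_from("<I", data, pos + 7)[0]
            if htype == FILE_HEAD and flags & LHD_LARGE and pos + 36 <= len(data):
                add |= struct.unpack_from("<I", data, pos + 32)[0] << 32
        pos += hsize + add  # skip the header and any packed data behind it
    return "clear"

def _block(htype, flags, body=b""):
    # Constructed sample block; HEAD_CRC is left as 0 because it is not verified.
    return struct.pack("<HBHH", 0, htype, flags, 7 + len(body)) + body

def _file(flags, name, packed):
    # Constructed file header (sizes, OS, CRC, time, version, method, name).
    body = struct.pack("<IIBIIBBHI", len(packed), len(packed), 0, 0, 0, 29,
                       0x30, len(name), 0x20) + name
    return _block(FILE_HEAD, flags | LONG_BLOCK, body) + packed

# Constructed sample archives (not real attachments).
SAMPLE_CLEAR = RAR4_MAGIC + _block(MAIN_HEAD, 0, bytes(6)) \
    + _file(0, b"readme.txt", b"hello")
SAMPLE_LOCKED = SAMPLE_CLEAR + _file(LHD_PASSWORD, b"tool.exe", bytes(16))
SAMPLE_HIDDEN = RAR4_MAGIC + _block(MAIN_HEAD, MHD_PASSWORD, bytes(6)) + bytes(32)
```

An archive whose first member is unencrypted can still carry an encrypted one later, which is why the loop walks every block instead of stopping at the first file header.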