Password Protected .rar files

Drew Marshall drew at
Sat Apr 28 10:24:33 IST 2007

Hi all

One of my clients has recently been sent a password protected rar  
file. The body of the mail is a gif image which uses social  
engineering (Based on the user having a virus and the attached file  
has the miracle cure) to open this file.

This went sailing through MailScanner, passed F-Prot, Clam &  
Bitdefender and passed the option to not allow password protected  
archive files. I have checked my path to unrar, which is fine and all  
the other parameters are all ok too.

First question: Any one else seen these?

Second: Are they being stopped by anything (Messagelabs detected this  
as a virus, hence my concern)?

Finally: Shouldn't MailScanner have stopped this or is it only  
password protected zip files that it stops (And in turn shouldn't  
this be extended to cover all unscannable files?)

I have blocked all rar files now in the file type rules until I can  
get to the bottom of this. I have also sent a copy to the nice folks  
at ClamAV for good measure.



In line with our policy, this message has been scanned 
for viruses and dangerous content by the Technology Tiger MailScanner.
Further information can be found at

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ

More information about the MailScanner mailing list