Password Protected .rar files
Alex Neuman van der Hans
alex at nkpanama.com
Sat Apr 28 15:48:20 IST 2007
Drew Marshall wrote:
> Hi all
> One of my clients has recently been sent a password protected rar
> file. The body of the mail is a gif image which uses social
> engineering (based on the user having a virus and the attached file
> has the miracle cure) to open this file.
> This went sailing through MailScanner, passed F-Prot, Clam &
> Bitdefender and passed the option to not allow password protected
> archive files. I have checked my path to unrar, which is fine and all
> the other parameters are all ok too.

I believe it would help a lot if you sent along a log snippet detailing
the ingestion, digestion, and excretion (to put it in biological terms)
of this message.

It also helps if you can reproduce the problem. Can you send the rar file
through again? Same results? If so, try to turn on all logging features
in MailScanner and copy the relevant bits to the list ... I'm sure
someone will be able to help.

You also have to make sure some easy-to-overlook things haven't
happened, such as "scan messages = no" triggered by a ruleset, your MTA
running by itself for whatever reason (instead of "in tandem" with