Password Protected .rar files

Alex Neuman van der Hans alex at
Sat Apr 28 15:48:20 IST 2007

Drew Marshall wrote:
> Hi all
> One of my clients has recently been sent a password protected rar 
> file. The body of the mail is a gif image which uses social 
> engineering (Based on the user having a virus and the attached file 
> has the miracle cure) to open this file.
> This went sailing through MailScanner, passed F-Prot, Clam & 
> Bitdefender and passed the option to not allow password protected 
> archive files. I have checked my path to unrar, which is fine and all 
> the other parameters are all ok too.
I believe it would help a lot if you sent along a log snippet detailing 
the ingestion, digestion, and excretion (to put it in biological terms) 
of this message.

It also helps if you can reproduce the problem. Can you send the rarfile 
through again? Same results? If so, try to turn on all logging features 
in MailScanner and copy the relevant bits to the list ... I'm sure 
someone will be able to help.

You also have to make sure some easy-to-overlook things haven't 
happened, such as "scan messages = no" triggered by a ruleset, your MTA 
running by itself for whatever reason (instead of "in tandem" with 
MailScanner), etc.

More information about the MailScanner mailing list