Password Protected .rar files

Hugo van der Kooij hvdkooij at
Sat Apr 28 22:07:14 IST 2007

On Sat, 28 Apr 2007, Drew Marshall wrote:

> One of my clients has recently been sent a password protected rar file. The 
> body of the mail is a gif image which uses social engineering (Based on the 
> user having a virus and the attached file has the miracle cure) to open this 
> file.
> This went sailing through MailScanner, passed F-Prot, Clam & Bitdefender and 
> passed the option to not allow password protected archive files. I have 
> checked my path to unrar, which is fine and all the other parameters are all 
> ok too.
> First question: Any one else seen these?

I am not sure if rar is not a bit peculiar about password protected files.

BitDefender allows no explicit blocking of password protected files. 
f-prot does not have a commandline option for this either.

clamscan has the --block-encrypted option but I am not aware of an 
equivalent for the module configuration.


 	hvdkooij at
 	    This message is using 100% recycled electrons.

 	Some men see computers as they are and say "Windows"
 	I use computers with Linux and say "Why Windows?"
 		(Thanks JFK, for the insight.)

More information about the MailScanner mailing list