Password Protected .rar files

Andrew MacLachlan amaclach at
Sat Apr 28 22:30:42 IST 2007

I have a copy forwarded from one of my customers - I can forward it on request. Interestingly Yahoo missed it too.

Andrew MacLachlan
H: +44 20 84677939
M: +44 7900 980314
E: amaclach at

----- Original Message ----
From: Alex Neuman van der Hans <alex at>
To: MailScanner discussion <mailscanner at>
Sent: Saturday, 28 April, 2007 3:48:20 PM
Subject: Re: Password Protected .rar files

Drew Marshall wrote:
> Hi all
> One of my clients has recently been sent a password protected rar 
> file. The body of the mail is a gif image which uses social 
> engineering (Based on the user having a virus and the attached file 
> has the miracle cure) to open this file.
> This went sailing through MailScanner, passed F-Prot, Clam & 
> Bitdefender and passed the option to not allow password protected 
> archive files. I have checked my path to unrar, which is fine and all 
> the other parameters are all ok too.
I believe it would help a lot if you sent along a log snippet detailing 
the ingestion, digestion, and excretion (to put it in biological terms) 
of this message.

It also helps if you can reproduce the problem. Can you send the rarfile 
through again? Same results? If so, try to turn on all logging features 
in MailScanner and copy the relevant bits to the list ... I'm sure 
someone will be able to help.

You also have to make sure some easy-to-overlook things haven't 
happened, such as "scan messages = no" triggered by a ruleset, your MTA 
running by itself for whatever reason (instead of "in tandem" with 
MailScanner), etc.
MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list