Password Protected .rar files
Andrew MacLachlan
amaclach at yahoo.co.uk
Sat Apr 28 22:30:42 IST 2007
I have a copy forwarded from one of my customers - I can forward it on request. Interestingly Yahoo missed it too.
Regards,
Andrew MacLachlan
H: +44 20 84677939
M: +44 7900 980314
E: amaclach at yahoo.co.uk
----- Original Message ----
From: Alex Neuman van der Hans <alex at nkpanama.com>
To: MailScanner discussion <mailscanner at lists.mailscanner.info>
Sent: Saturday, 28 April, 2007 3:48:20 PM
Subject: Re: Password Protected .rar files
Drew Marshall wrote:
> Hi all
>
> One of my clients has recently been sent a password protected rar
> file. The body of the mail is a gif image which uses social
> engineering (Based on the user having a virus and the attached file
> has the miracle cure) to open this file.
>
> This went sailing through MailScanner, passed F-Prot, Clam &
> Bitdefender and passed the option to not allow password protected
> archive files. I have checked my path to unrar, which is fine and all
> the other parameters are all ok too.
>
I believe it would help a lot if you sent along a log snippet detailing
the ingestion, digestion, and excretion (to put it in biological terms)
of this message.
It also helps if you can reproduce the problem. Can you send the rarfile
through again? Same results? If so, try to turn on all logging features
in MailScanner and copy the relevant bits to the list ... I'm sure
someone will be able to help.
You also have to make sure some easy-to-overlook things haven't
happened, such as "scan messages = no" triggered by a ruleset, your MTA
running by itself for whatever reason (instead of "in tandem" with
MailScanner), etc.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list