Blocked Extensions in password-protected zip archives

Scott Silva ssilva at sgvwater.com
Tue Aug 14 19:58:36 IST 2007 

Sattler, Tim spake the following on 8/14/2007 4:58 AM:
> I have set "Allow Password-Protected Archives = yes", but encrypted 
> archives are nevertheless blocked if they contain files with blocked 
> extensions. 
> 
> Now I could set "Maximum Archive Depth = 0" to solve this issue, but 
> then files with blocked extensions would also pass in non-protected 
> archives, which is not what I want. 
> 
> Therefore, I would either need an option to disregard blocked 
> extensions within password-protected archives or the possibility to 
> use a ruleset for "Maximum Archive Depth" with a different result for
> protected and non-protected archives.
> 
> PS: I know it's an additional risk to let password-protected archives 
> pass through, but it's a business need.
> 
> Regards
> Tim
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kai Schaetzl
> Sent: Tuesday, August 14, 2007 12:32 PM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Blocked Extensions in password-protected zip archives
> 
> Tim Sattler wrote on Tue, 14 Aug 2007 09:49:24 +0200:
> 
>> Is it possible? Or is there another way how I can achieve a different 
>> handling of blocked extensions for password-protected on one hand and 
>> normal zip archives on the other?
> 
> Are you sure this is a matter of "blocked extensions"? I rather think this 
> is a matter of "password-protected archive". MailScanner treats 
> password-protected archives as viruses. It would need to stop that. This 
> topic has come up regularly in the past, but Julian is reluctant to do 
> this. The effect of handling it as a virus is that it doesn't get saved to 
> the quarantine (if you keep it "clean") and thus can't be released.
> 
> If you want to have all password-protected archives just pass thru 
> directly in the inboxes then set
> Allow Password-Protected Archives = yes
> but this will also allow password-protected archives with malware right in 
> the inbox.
> 
> Kai
> 
Why not use a ruleset on both allow password protected archives and maximum
archive depth. A PITA to maintain, but more secure.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

More information about the MailScanner mailing list