MailScanner and password protected archives
Kai Schaetzl
maillists at conactive.com
Wed Jul 25 19:13:03 IST 2007
Scott Silva wrote on Wed, 25 Jul 2007 09:52:58 -0700:
> Being a password protected archive, wouldn't it be "their choice" to just open
> it in the first place if set to "Allow Password Protected Archives = yes"?
> It seems an unnecessary step if you are still letting the end user release it.
Hm, if I get 100 password-protected archives and one of them is not spam/malware
I surely prefer to stop them all at the gate and let the one user with the
legitimate one release it instead of unnecessarily flooding other mailboxes with
password-protected spam/malware.
It's the same "their choice" as to let them open spam themselves to decide if it
is spam or not. Do we do that? Most of us probably not, we quarantine it.
Or did I understand your remark wrong?
The problem is that it gets handled as a virus although it may not be a virus
(and actually at the moment the chance is high that it is not a virus). Positive
virus detection is very secure AFAIS, so *if* a virus is detected it's quite
safe to discard it and not store it, as it's almost guaranteed to be correctly
detected and no one would want to release it.
That's not the case with password-protected archives. There is only a good
chance that they are malware or spam, so you would want to store and give the
chance to release it.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list