MailScanner and password protected archives
Scott Silva
ssilva at sgvwater.com
Wed Jul 25 20:10:41 IST 2007
Kai Schaetzl spake the following on 7/25/2007 11:13 AM:
> Scott Silva wrote on Wed, 25 Jul 2007 09:52:58 -0700:
>
>> Being a password protected archive, wouldn't it be "their choice" to just open
>> it in the first place if set to "Allow Password Protected Archives = yes"?
>> It seems an unnecessary step if you are still letting the end user release it.
>
> Hm, if I get 100 password-protected archives and one of them is not spam/malware
> I surely prefer to stop them all at the gate and let the one user with the
> legitimate one release it instead of unnecessarily flooding other mailboxes with
> password-protected spam/malware.
> It's the same "their choice" as to let them open spam themselves to decide if it
> is spam or not. Do we do that? Most of us probably not, we quarantine it.
> Or did I understand your remark wrong?
>
> The problem is that it gets handled as a virus although it may not be a virus
> (and actually at the moment the chance is high that it is not a virus). Positive
> virus detection is very secure AFAIS, so *if* a virus is detected it's quite
> safe to discard it and not store it, as it's almost guaranteed to be correctly
> detected and no one would want to release it.
> That's not the case with password-protected archives. There is only a good
> chance that they are malware or spam, so you would want to store and give the
> chance to release it.
>
> Kai
>
I am not sure if virus scanners can scan in a password-protected archive. That
is why they were used for malware last year.
I personally don't allow password-protected archives at our site and none of
my users have complained. If they did, I would add a ruleset only allowing it
from a specified site to that user. I would think that if a user gets a
password-protected zip, they should know it is coming. If the password is in
the e-mail with the archive, it is probably a virus/malware. Otherwise, why
would you password protect it?
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
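
The two checks discussed in this message, as an added example that is not part of the original post or of MailScanner: it flags ZIP attachments whose members have the encrypted bit set (readable without the password) and raises the verdict when the body also mentions a password. The verdict names, the keyword list and the sample message are constructed assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed keyword list for "the password is in the e-mail with the archive".
PASSWORD_HINT = re.compile(r"\b(password|passcode|passphrase|pwd)\b", re.I)

def encrypted_members(data):
    """Names of ZIP members with general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def triage(raw):
    """Hypothetical verdicts: 'deliver', 'quarantine' or 'quarantine-high'."""
    msg = message_from_bytes(raw, policy=policy.default)
    locked = any(encrypted_members(p.get_payload(decode=True) or b"")
                 for p in msg.iter_attachments())
    if not locked:
        return "deliver"
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return "quarantine-high" if PASSWORD_HINT.search(text) else "quarantine"

def sample_zip(encrypted):
    """Constructed sample: a tiny ZIP, optionally with the encrypted bit forced on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 0x01                               # flags in local file header
        data[data.find(b"PK\x01\x02") + 8] |= 0x01    # flags in central directory
    return bytes(data)

def sample_message(encrypted, body):
    """Constructed sample message carrying sample_zip() as docs.zip."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "docs"
    msg.set_content(body)
    msg.add_attachment(sample_zip(encrypted), maintype="application",
                       subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```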