MailScanner and password protected archives
Kai Schaetzl
maillists at conactive.com
Wed Jul 25 22:17:31 IST 2007
Scott Silva wrote on Wed, 25 Jul 2007 12:10:41 -0700:
> I am not sure if virus scanners can scan in a password-protected archive. That
> is why they were used for malware last year.
Yepp. It seems that they usually can, at least this is said about clamav, but
the result may not be as reliable. I guess just zipping with different
compression ratios will make any signatures useless. So, you cannot rely on that
and have to treat every protected archive as possible malware with a
significantly high rate of false positives. Which means you cannot treat them as
a virus, the false positive rate forbids this.
>
> I personally don't allow password-protected archives at our site and none of
> my users have complained.
Well, I'm providing services for others, it's not feasible that they email me
each time before getting such an archive. They get as much protection and as
little bothering as possible. And, yes, it happens that legitimate
password-protected archives get sent to my clients. That's how I found out that
I had to tell them to ask for resending after I put the sender on the "no scan"
list.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list