MailScanner and password protected archives
Scott Silva
ssilva at sgvwater.com
Wed Jul 25 23:03:16 IST 2007
Kai Schaetzl spake the following on 7/25/2007 2:17 PM:
> Scott Silva wrote on Wed, 25 Jul 2007 12:10:41 -0700:
>
>> I am not sure if virus scanners can scan in a password-protected archive. That
>> is why they were used for malware last year.
>
> Yepp. It seems that they usually can, at least this is said about clamav, but
> the result may not be as reliable. I guess just zipping with different
> compression ratios will make any signatures useless. So, you cannot rely on that
> and have to treat every protected archive as possible malware with a
> significantly high rate of false positives. Which means you cannot treat them as
> a virus, the false positive rate forbids this.
>
>> I personally don't allow password-protected archives at our site and none of
>> my users have complained.
>
> Well, I'm providing services for others, it's not feasible that they email me
> each time before getting such an archive. They get as much protection and as
> little bothering as possible. And, yes, it happens that legitimate
> password-protected archives get sent to my clients. That's how I found out that
> I had to tell them to ask for resending after I put the sender on the "no scan"
> list.
>
>
> Kai
>
I keep forgetting that many of you run hosting facilities. The list seems to
slip into informal mode so often.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list