False Positive, How do I resolve this?

[Scott Silva]

on 4-4-2008 2:54 PM Julian Field spake the following:
> 
> 
> Matt Kettler wrote:
>> Rose, Bobby wrote:
>>> Password protect zip unless you are blocking that.
>>
>> That shouldn't matter either. It might stop it, but it shouldn't.
>>
>> You can still read the filenames of a password protected zipfile 
>> without the password, so there's no technical reason why MailScanner 
>> can't still apply filename rules to encrypted zipfiles.
> And indeed it does. You can even switch it on and off, of course :-)
> Straight out of MailScanner.conf:
> 
> # Normally, you can still get the filenames out of a password-protected
> # archive, despite the encryption. So by default filename checks are still
> # done on these files. However, some people want to suppress this checking
> # as they allow a few people to receive password-protected archives that
> # contain things such as .exe's as part of their business needs. This 
> option
> # can be used to suppress filename checks inside password-protected 
> archives.
> # This can also be the filename of a ruleset.
> Check Filenames In Password-Protected Archives = yes
> 
> Jules
> 
The only thing with that is there were password protected zip files with exe's 
that were virulent malware. So an admin needs to weigh this very carefully.

"There is no such thing as "user proof". The best you can hope for is "user 
resistant".



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/de03c64b/signature.bin