multi-volume RAR archive problem
Hugo van der Kooij
hvdkooij at vanderkooij.org
Tue Jan 25 11:26:03 GMT 2011
On Tue, 25 Jan 2011 13:46:10 +0800, Curu Wong wrote:
My question
is, what's the better solution? can we tell if a RAR archive is
multi-volumed and just skip processing it? Is it a good policy to
restart ms itself(due to external failure) and do the exact same(should
always fail) action toward the offending message?
>From a security
standpoint it is unwise to allow such files. I could craft my malware to
split the malicious code into multiple archives and avoid detection.
>From my point of view one should supply an alternative method for
exchanging files that can't comfortably fit into a sngle message.
--
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use:
http://hugo.vanderkooij.org/0x58F19981.asc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110125/22295a3c/attachment.html
More information about the MailScanner
mailing list