multi-volume RAR archive problem

Hugo van der Kooij hvdkooij at
Tue Jan 25 11:26:03 GMT 2011

On Tue, 25 Jan 2011 13:46:10 +0800, Curu Wong  wrote:  

My question
is, what's the better solution? can we tell if a RAR archive is
multi-volumed and just skip processing it? Is it a good policy to
restart ms itself(due to external failure) and do the exact same(should
always fail) action toward the offending message?  

>From a security
standpoint it is unwise to allow such files. I could craft my malware to
split the malicious code into multiple archives and avoid detection.

>From my point of view one should supply an alternative method for
exchanging files that can't comfortably fit into a sngle message. 


hvdkooij at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list