Password protected zips into quarantine by ruleset

Martin Hepworth maxsec at
Fri Jun 13 12:29:44 IST 2014

Check out the

Personally i double check these as this is still a well used attack vector
for the bad guys and every now and again you get a sudden increase of the
stupid things.

Martin Hepworth, CISSP
Oxford, UK

On 13 June 2014 11:38, Stef Morrell <stef at> wrote:

> Hi guys,
> I'm struggling a bit with how MS deals with password protected zipfiles,
> so any of the below could be complete misinterpretation, feel free to
> correct my ignorance!
> It seems to me that MS detects password protected zips by means of being
> informed by the virus scanner and then treating it as a virus, using the
> special keyword Zip-Password in various MailScanner.conf settings.
> And then there is the
> Allow Password-Protected Archives = <yes/no>
> setting.
> Somewhere in all this I would like to be able to have a ruleset which says
> for password protected zipfiles, I can allow them to pass (for users who
> get them all the time), quarantine (for users who get them occasionally),
> or default block.
> And I can't for the life of me work out how to achieve this.
> Can anyone advise?
> Thanks
> Stef
> --
> MailScanner mailing list
> mailscanner at
> Before posting, read
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list