Password protected zips into quarantine by ruleset

Martin Hepworth maxsec at gmail.com
Fri Jun 13 12:29:44 IST 2014


Check out the
http://www.mailscanner.info/MailScanner.conf.index.html#Silent%20Viruses
setting

Personally i double check these as this is still a well used attack vector
for the bad guys and every now and again you get a sudden increase of the
stupid things.

-- 
Martin Hepworth, CISSP
Oxford, UK


On 13 June 2014 11:38, Stef Morrell <stef at aoc-uk.com> wrote:

> Hi guys,
>
> I'm struggling a bit with how MS deals with password protected zipfiles,
> so any of the below could be complete misinterpretation, feel free to
> correct my ignorance!
>
> It seems to me that MS detects password protected zips by means of being
> informed by the virus scanner and then treating it as a virus, using the
> special keyword Zip-Password in various MailScanner.conf settings.
>
> And then there is the
>
> Allow Password-Protected Archives = <yes/no>
>
> setting.
>
> Somewhere in all this I would like to be able to have a ruleset which says
> for password protected zipfiles, I can allow them to pass (for users who
> get them all the time), quarantine (for users who get them occasionally),
> or default block.
>
> And I can't for the life of me work out how to achieve this.
>
> Can anyone advise?
>
> Thanks
>
> Stef
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140613/db51e193/attachment.html 


More information about the MailScanner mailing list