This might be a way to block virus traffic, but allow employees and selected customers to send and receive EZip files.
For example, when a virus sample is sent to McAfee's AVERT, they want a zip encrypted with "infected". Currently I expect that since I'm blocking EZips, I could not send a sample to AVERT through my e-mail server.


The danger would be that viruses, etc. might use this system against us. As long as each site chose its own (different) White list Code Word, and changed it as needed, that risk should be low.
A few viruses (none of the current batch?) have responded to currently unanswered e-mails, so that would increase the risk of a virus getting through.


The White list Code Word would NOT be related to the Zip file password.
So the subject might be "My important and encrypted info [CodeWord$12]"

Would we only want to override the "ban ezip"?
Leave other checking like extension blocking (no EXEs or PIFs) in place?
Still pass the file to the virus scanners?

Although this concept could be extended to white list past all kinds of checking, a poorly configured/administered mail server could have some huge holes.

I like the idea, but sometimes the details get messy.
For the sites that need to handle EZips, it might be a way to open the door and still keep most of the protections in place.


--

Greg Little

Kami Razvan wrote:

Scott:

Just an idea...

What if you extend the idea of White list password to Declude Virus- for
password protected zip files.

If the subject has a code then the attachment with password protected will
be skipped.  If you can take the subject and delete the password before
passing it on it can work great.. Sort of like the password protected list
in IMail.

This can solve a lot of problems.. But I am sure it can introduce more.

Kami
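
One way the policy discussed in this thread could look, as an added example that is not part of either post and not Declude's code: the code word in a trailing `[...]` subject tag overrides only the encrypted-zip ban, extension blocking and scanning stay in place, and the tag is stripped before delivery. The function names, the tag format and the `scan` callback are assumptions made for illustration.

```python
import hmac, io, re, zipfile

CODE_WORD = "CodeWord$12"       # constructed; each site picks and rotates its own
BANNED_EXT = (".exe", ".pif")   # extension blocking stays on
TAG = re.compile(r"\s*\[([^\[\]]+)\]\s*$")  # trailing "[...]" tag in the subject

def check_message(subject, attachments, scan):
    """Return (verdict, subject_to_deliver); attachments is [(filename, bytes)].

    scan is a hypothetical callback standing in for the virus scanner."""
    m = TAG.search(subject)
    ok = bool(m) and hmac.compare_digest(m.group(1).encode(), CODE_WORD.encode())
    out_subject = subject[:m.start()] if ok else subject  # strip the code word
    for name, data in attachments:
        names = [name]
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                infos = zf.infolist()
            # Member names stay readable in the central directory of a
            # traditionally encrypted ZIP, so extension rules still apply.
            names += [i.filename for i in infos]
            # General-purpose flag bit 0 marks an encrypted entry.
            if any(i.flag_bits & 0x1 for i in infos) and not ok:
                return "block:ezip", subject
        if any(n.lower().endswith(BANNED_EXT) for n in names):
            return "block:extension", out_subject
        if scan(data):
            return "block:virus", out_subject
    return "deliver", out_subject

def sample_zip(member, encrypted):
    """Constructed test input: a one-entry ZIP, optionally flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 1                              # local header flag byte
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 1   # central directory flag byte
    return bytes(raw)
```

The scanner still receives the whole attachment, but it cannot inspect the encrypted contents, so a whitelisted EZip is checked only by member name and by whatever the scanner can match on the container itself.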


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.