So if I understand correctly, I should be able to send a zip file to somebody on my server and they will receive it? But, if it was a zip file that contained a scr or pif or whatever, Declude would stop it?
I haven't seen that work yet. I can understand the password protected zips.

----- Original Message -----
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 24, 2004 6:31 PM
Subject: Re: [Declude.Virus] Trend and McAfee installed on same machine

>
> >So the scanners can't catch them?
>
> Correct.
>
> That's why we came out with the interim release to block all encrypted .ZIP
> files. Without being able to do that, you can't block all viruses.
>
> There are static encrypted .ZIP files (which are always the same, and
> therefore always have the same file length and CRC), which can be detected
> with very little chance of false positives. But there are also dynamic
> encrypted .ZIP files, which have lengths and CRCs that change, which cannot
> be accurately detected (unless there is a limited number of variations).
>
> >Our company utilizes Zip files and Password Protected Zips on a daily basis.
> >Is there anything that will catch them with Declude? Any other virus
> >scanners?
>
> No. The problem is that without a password the *only* information that the
> virus scanner has is the filename, the length of the file and the
> CRC. Given that the virus can vary all 3 pieces of information, it becomes
> impossible to detect (except using AI to determine the password, but virus
> writers are already using passwords hidden in pictures to bypass AI attempts).
>
> One option (with Declude Virus Pro) is to ban file extensions within .ZIP
> files (blocking all .EXE, .PIF, .SCR, .BAT, .COM, etc. files). The other
> option would be to rename the .ZIP file to use another extension.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Ultra reliable virus detection and the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
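
The two policies discussed in this thread (ban executable extensions inside .ZIP files, block encrypted .ZIP files) can be sketched with Python's standard `zipfile` module, which reads member name, length, CRC and the encryption flag from the archive directory without any password. This is an added example, not part of the original messages and not Declude's code; the function names are hypothetical, and the sample archives are constructed, with the "encrypted" one made by setting the header flag rather than by real encryption.

```python
import io
import os
import zipfile

# Extensions named in the thread as candidates for banning inside .ZIP files.
BANNED_EXT = {".exe", ".pif", ".scr", ".bat", ".com"}

def inspect_zip(data: bytes):
    """Return the per-member metadata a gateway can read without a password."""
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Normalise trailing dots/spaces before taking the extension.
            ext = os.path.splitext(info.filename.rstrip(". "))[1].lower()
            members.append({
                "name": info.filename,
                "size": info.file_size,                    # uncompressed length
                "crc": info.CRC,                           # CRC-32 of the plaintext
                "encrypted": bool(info.flag_bits & 0x1),   # general-purpose flag bit 0
                "banned_ext": ext in BANNED_EXT,
            })
    return members

def policy(data: bytes, block_encrypted: bool = True):
    """Apply both policies; return ("block" | "deliver", list of reasons)."""
    reasons = []
    for m in inspect_zip(data):
        if m["banned_ext"]:
            reasons.append(f"banned extension: {m['name']}")
        if block_encrypted and m["encrypted"]:
            reasons.append(f"encrypted member: {m['name']}")
    return ("block" if reasons else "deliver"), reasons

def make_sample(name, payload=b"constructed sample payload", encrypted=False):
    """Build a constructed one-member archive in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Assumption for the demo: only the flag in the central directory
        # header (offset 8 after "PK\x01\x02") is set; payload stays plain.
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)

if __name__ == "__main__":
    for name, enc in [("report.txt", False), ("invoice.scr", False), ("notes.txt", True)]:
        print(name, enc, policy(make_sample(name, encrypted=enc)))
```

With `block_encrypted=False` the extension ban still applies to a flagged archive, because the member name is read from the directory rather than from the protected data.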
