> The problem here is that the mail client (a program whose name is as poor > as its MIME handling: "Mail A.01.77") is giving out 2 different names for > the file. In one location, it calls the file "EPM11002.FILES.CANJET", in > the other location it calls it "EPM11002.TXT". While Declude Virus knows > that a TXT file is safe, it doesn't know that a CANJET file is not > safe. To ensure that the extension gets handled properly (as the worst > possible file extension), it is treated as an .EXE file.
But if this is the case, how will a file be caught if somebody renames a .zip to a .zio?
Will declude know the difference. Would be wonderful if it did!
That's something very different. In the case here, the mail client is calling the E-mail both "file.zip" and "file.zio" (in which case Declude Virus assumes the worst, and treats it as a .exe). In the case you are talking about, the file is named just "file.zio" (in which case it is handled as a .zio file -- and delivered, unless you block .zio files).
We are considering an option to automatically detect .ZIP files, even if they are renamed, just in case future viruses try asking their victims to rename the file before extracting and running the virus.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
