RE: [Declude.Virus] F-Prot tagging zips as code 8

[John Tolmachoff \(Lists\)]

Title: Message

The thing is, it used to work as I have done that before. Renaming the file is only to bypass the banned extension. The file is still scanned. However, F-Prot never stopped it as code 8 before.   John T eServices For You   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, April 14, 2005 11:57 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] F-Prot tagging zips as code 8   John, I don't think you mention what kind of file was in your encrypted zip.  I just took a try at repeating the test as it may be applicable to my own environment.   I block encrypted banned extensions with:   BANEZIPEXTS ON   and ..doc file is not in my list of banned extensions, just the usual executable extension.  I also use return code 8 with my f-prot.   I sent a zip file with a single password protected MS Word .doc file (using the standard zip password scheme) using a non-trivial password in case there is password guessing involved.  No problem, it came through Declude just fine.   I then renamed the zip file to blahblah._ip and sent the test message again.  No problem, it came through just fine.   If you're talking about sending executables, then I'm not worried about whether F-Prot returns code 8 (suspicious file) or whether BANEZIPEXTS ON catches, as I expect to catch these.  This is acceptable in my corporate environment.   We have never advised people to rename files in order to work around our antivirus software, but they've always tried!  They've also always failed, as our internal software (Trend Micro) does not trust extensions as file-type identification.   I hope that helps,   Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, April 14, 2005 11:33 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] F-Prot tagging zips as code 8 I guess my question is what has changed in F-Prot and is any one else seeing this? F-Prot was not tagging these before?   John T eServices For You   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, April 14, 2005 11:13 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] F-Prot tagging zips as code 8   My fault for the misread, but I also addressed the issue regardless.  Remove VIRUS CODE 8 from your config if you don't want for this to happen. Matt John Tolmachoff (Lists) wrote: John,   I know that you don't follow this logic, but banning regular zips is extreme and unnecessary IMO.  Declude will scan any attachment       Matt, my original post said encrypted zips. This was an encrypted zip and contained a executable.   I do not ban regular zips unless they contain an executable.   This zip has to go out encrypted.   John T eServices For You     --- This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".    The archives can be found at http://www.mail-archive.com.         -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================