" The reason it is getting through is a combination of [1] the mailserver AV program can't detect the virus (it is impossible in many cases)"
We said the same thing in a different way. The reason the AV software can't detect the virus because it is unable to open the zip because it is password protected. -----Original Message----- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 2:18 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Zip attachments >The reason the virus is getting through is because Norton (or any other >virus scanner) can't open it due to the password. Actually, that isn't quite true. The reason it is getting through is a combination of [1] the mailserver AV program can't detect the virus (it is impossible in many cases), and [2] you aren't blocking encrypted .ZIP files. Any decent mailserver AV program should offer the option to block encrypted .ZIP and encrypted .RAR files (without blocking unencrypted .ZIP/.RAR files). >So yeah the spammers and >virus writers are depending on users being ignorant enough to actually >follow the steps in the email to place the password in the zip message so it >can deliver it's payload. ... and depending on mailserver AV software that allows encrypted .ZIP/.RAR files through. >Personally I don't let IMail rules handle my attachment blocking needs. Very, very wise choice. :) Doing so won't catch 'em all, and will catch E-mails they should not. >I let the Norton Antivirus Scan Engine handle that through their attachment >blocking features. I've gotten zero false positives with Norton, when I was >getting several a day with IMail because of their use of rules. That's normal. No mailserver AV program should ever block an attachment that it shouldn't. If so, there is a bug somewhere. With filters, you see false positives, because you can't specify exactly what needs to be done. Filters don't do MIME parsing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
