[EMAIL PROTECTED] said:
> About the only thing I can think of is to allow an option to quarantine any
> encrypted contents of an attached archive.

I covered this item a few months ago, including how to detect encrypted files in uvscan. Viruses are similar to biological creatures: they need to minimize the effort to spread, and requiring decryption with a password will slow the spread. Currently encryption does not add much to the spread of a virus.

Any virus, as Big D says, can be polymorphic in theory. Along those lines, it is just a matter of time until a 0day virus comes along and kicks you in the teeth, hard. IMO you need to prepare for that day by scanning with multiple virus scanners, greylisting to reject zombie DSLs, and blocking all the standard attachment types. It is just a matter of time until a virus slips by before your virus defs update, and the only way to block that for sure is to block extensions. When a virus hits, it hits in a wave of infections; suddenly you have hundreds per day....

The 9th rule of security, and the most important, is to minimize access: if they don't need those file extensions, then block them. As Big D says, some customers just block extensions and don't virus scan, and they have exactly 0 infections.

So this new Bagle virus hit, my buddy didn't get it because his virus defs didn't update, I blocked it because I blocked that extension, and he relied solely on the virus scanner.

<brag mode on>
Actually I only got 2 of them because I reject on invalid hostname on the HELO string... so it did not even hit my virus scanner.
</brag mode off>

Luke
Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
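The two policies discussed in this message, blocking attachment extensions and holding archives with encrypted contents, sketched as an added example; it is not part of the original post and is not MIMEDefang or uvscan code. The `BLOCKED` set, the function names and the sample message are assumptions made for illustration.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the post does not name specific extensions.
BLOCKED = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl"}

def ext_of(name):
    """Final extension, lowercased; trailing dots/spaces stripped first."""
    name = name.lower().rstrip(". ")
    return name[name.rfind("."):] if "." in name else ""

def check_zip(data):
    """Reasons to hold a zip: encrypted members or blocked names inside."""
    try:
        members = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    reasons = []
    for m in members:
        if m.flag_bits & 0x1:  # general-purpose flag bit 0 marks an encrypted entry
            reasons.append("encrypted member " + m.filename)
        if ext_of(m.filename) in BLOCKED:
            reasons.append("blocked member " + m.filename)
    return reasons

def check_message(raw):
    """Walk every MIME part; return (filename, reason) for each policy hit."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename()
        if not name:
            continue
        if ext_of(name) in BLOCKED:
            hits.append((name, "blocked extension"))
        elif ext_of(name) == ".zip":
            hits += [(name, r) for r in check_zip(part.get_payload(decode=True) or b"")]
    return hits

def sample_message():
    """Constructed input: a benign note plus a zip whose entry is flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("price.txt", "constructed placeholder")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x01  # set the encrypted bit in the central directory
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment("hi", filename="note.txt")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```

The extension check needs no signature update, which is why it still works in the window before virus definitions catch up; the encrypted-member check only reads the archive directory and never needs the password.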

