Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password protected ZIP's and Email Viruses

From: Michael_Maloney <Michael_Maloney () MIDDLESEXCC EDU>
Date: Tue, 2 Mar 2004 16:09:19 -0500
Sorry about that.. By doing this, the AV software can open the archive and
remove the blocked attachment.  I'm not sure if it can still perform the
scan on it or not, my thinking would be no because it needs to extract the
file in order to scan it, and that requires the password.

Mike


********************************************
Mike Maloney
Sr. System Engineer
Middlesex County College
2600 Woodbridge Avenue
Edison, NJ 08818
Phone: 732-906-7754
Cell: 908-217-2086
Fax: 732-906-4266
Email: Michael_Maloney () middlesexcc edu
********************************************
-----Original Message-----
From: Gary Flynn [mailto:flynngn () JMU EDU]
Sent: Tuesday, March 02, 2004 3:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password protected ZIP's and Email Viruses

Michael_Maloney wrote:


I found that by adding the "+" character to file extensions that are
blocked (.exe+, .cmd+, .vbs+ etc etc), the A/V software can now
recognize that file extension and perform the necessary actions on it.


Do you mean the AV software can then open and scan the password protected
ZIP or do you mean the mail server can block it based on the attachment
name?

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: