[Mimedefang] survey: dropping password protected file
David F. Skoll
dfs at roaringpenguin.com
Wed Mar 3 09:49:50 EST 2004
On Wed, 3 Mar 2004, EKB wrote:
> How about just "defanging" any encrypted zip by renaming it and adding a
> brief warning message. We receive lots of valid encrypted zip files so
> deleting them is not an option.
A third option is to list the zip file directory and reject it if it
contains either another zip file or any banned extensions. Zip
encryption encrypts the file contents, but it doesn't seem to encrypt
the directory listing -- I tested an "unzip -l" on a captured
encrypted virus, and it listed the .exe just fine.
We're going to look at integrating Archive::Zip into mimedefang, because this
is becoming an issue for our CanIt customers also.
Regards,
David.
More information about the MIMEDefang
mailing list