So the scanners can't catch them?
Correct.
That's why we came out with the interim release to block all encrypted .ZIP files. Without being able to do that, you can't block all viruses.
There are static encrypted .ZIP files (which are always the same, and therefore always have the same file length and CRC), which can be detected with very little chance of false positives. But there are also dynamic encrypted .ZIP files, which have lengths and CRCs that change, which cannot be accurately detected (unless there is a limited number of variations).
Our company utilizes Zip files and Password Protected Zips on a daily basis. Is there anything that will catch them with Declude? Any other virus scanners?
No. The problem is that without a password the *only* information that the virus scanner has is the filename, the length of the file and the CRC. Given that the virus can vary all 3 pieces of information, it becomes impossible to detect (except using AI to determine the password, but virus writers are already using passwords hidden in pictures to bypass AI attempts).
One option (with Declude Virus Pro) is to ban file extensions within .ZIP files (blocking all .EXE, .PIF, .SCR, .BAT, .COM, etc. files). The other option would be to rename the .ZIP file to use another extension.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
