The thing is, it used to work as I have done that before. Renaming the file is only to bypass the banned extension. The file is still scanned. However, F-Prot never stopped it as code 8 before.
John T eServices For You
-----Original Message-----
John, I don't think you mention what kind of file was in your encrypted zip. I just took a try at repeating the test as it may be applicable to my own environment.
I block encrypted banned extensions with:
BANEZIPEXTS ON
and .doc file is not in my list of banned extensions, just the usual executable extensions. I also use return code 8 with my f-prot.
I sent a zip file with a single password protected MS Word .doc file (using the standard zip password scheme) using a non-trivial password in case there is password guessing involved. No problem, it came through Declude just fine.
I then renamed the zip file to blahblah._ip and sent the test message again. No problem, it came through just fine.
If you're talking about sending executables, then I'm not worried about whether F-Prot returns code 8 (suspicious file) or whether BANEZIPEXTS ON catches, as I expect to catch these. This is acceptable in my corporate environment.
We have never advised people to rename files in order to work around our antivirus software, but they've always tried! They've also always failed, as our internal software (Trend Micro) does not trust extensions as file-type identification.
I hope that helps,
Andrew 8)
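
The test described in the message above (an encrypted zip renamed to `._ip`) can be checked from the attachment's bytes instead of its name. The sketch below is an added example, not code from Declude, F-Prot or Trend Micro. The function names, the `BANNED_EXTS` list and the sample archive are assumptions constructed for illustration. It relies on the standard zip password scheme leaving member names readable in the archive directory.

```python
import io
import os
import zipfile

BANNED_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}  # constructed sample policy
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive


def inspect_attachment(claimed_name, data):
    """Classify an attachment from its bytes; claimed_name is only recorded."""
    report = {"claimed_name": claimed_name, "is_zip": False,
              "encrypted": [], "banned": [], "malformed": False}
    if not data.startswith(ZIP_MAGIC):
        return report
    report["is_zip"] = True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # General-purpose flag bit 0 marks an encrypted member.
                if info.flag_bits & 0x1:
                    report["encrypted"].append(info.filename)
                ext = os.path.splitext(info.filename)[1].lower()
                if ext in BANNED_EXTS:
                    report["banned"].append(info.filename)
    except zipfile.BadZipFile:
        report["malformed"] = True
    return report


def constructed_sample(names):
    """Build a test archive and set the encryption flag on every member.

    The stdlib cannot write encrypted zips, so the flag is patched into the
    local (offset 6) and central (offset 8) headers; the payload is dummy data.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"dummy")
    raw = bytearray(buf.getvalue())
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = raw.find(sig)
        while pos != -1:
            raw[pos + off] |= 0x01
            pos = raw.find(sig, pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    sample = constructed_sample(["report.doc", "setup.exe"])
    print(inspect_attachment("blahblah._ip", sample))
```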