On Tue, Apr 9, 2013 at 10:51 AM, David Lum <david....@nwea.org> wrote: > Do any of you guys still allow this? I ask because at %formerjob% they were > blocked, but %dayjob% allows them, and last week and today we’ve received > infected .ZIP files.
Our plan: An email containing any dangerous file is quarantined. That check scans within archives (and archives within archives, and so on). If an archive cannot be scanned (corrupt, too big, too many files, too many nested levels, or encrypted) it is quarantined. Dangerous files include various known file name patterns, as well as anything that matches executable content signatures. We don't look for specific malware signatures. Any executable content is considered malware for email. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin