Re: [Exim] Encrypted Viruii

Author: Kevin Reed
Date:  
To: exim-users
Subject: Re: [Exim] Encrypted Viruii
Ron McKeating said:
> We are seeing more of these emails with an encrypted zip file containing

...
> If anybody has a good working solution then I would be happy to hear
> from you.


These have been a non-issue for us since we started using a script to
check the files in a zip file.

Even when the zip file is password protected, you can see filenames in the
zip file. While checking only for certain extensions is not 100%
protection, we also have all of our email scanned at the desktop should
anything get through.

The script has so far however snagged every one of them...

http://exim.got-there.com/forums/viewtopic.php?t=451

I actually received one today via my home provider and was amused at how
Grisoft's Antivirus dealt with it. It apparently couldn't scan the file,
but was able to determine that it contained an extension that was not safe
(exe in this case) and put it in the virus hold box.

I've been waiting for a virus to do this, password protected zip and
giving the user the password. I suspect that if another MS Update shows up
with this type of scheme it will be quite popular for users to open. I've
had a bit of an email campaign going to try to educate users that this
might happen, but so far none of the users have even seen the messages due
to our blocks.

--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums
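
The filename check described in the message above, as an added example (not the script linked in the post): it reads only the zip central directory, which stays readable when the entries are password protected. The extension blocklist is an assumption, and the sample archive is constructed in memory with the "encrypted" flag bit set rather than genuinely encrypted.

```python
import io
import posixpath
import zipfile

# Assumed blocklist for illustration; the post does not list the extensions its script checks.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}

def scan_zip(data: bytes):
    """Return (verdict, findings) using entry names only; no password is needed."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "unreadable", []
    findings = []
    with zf:
        for info in zf.infolist():
            # Windows ignores trailing dots and spaces, so strip them before the check.
            name = info.filename.rstrip(" .")
            ext = posixpath.splitext(name)[1].lower()
            if ext in BLOCKED_EXTENSIONS:
                # Bit 0 of the general purpose flags marks an encrypted entry.
                findings.append((info.filename, bool(info.flag_bits & 0x1)))
    return ("reject" if findings else "accept"), findings

def mark_encrypted(data: bytes) -> bytes:
    """Sample helper: set the encrypted flag in local and central headers."""
    buf = bytearray(data)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            buf[pos + off] |= 0x01
            pos = buf.find(sig, pos + 4)
    return bytes(buf)

def build_sample(names):
    """Constructed sample archive with placeholder contents, flagged as encrypted."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder content")
    return mark_encrypted(bio.getvalue())

if __name__ == "__main__":
    print(scan_zip(build_sample(["readme.txt", "Update.EXE "])))
    print(scan_zip(build_sample(["notes.txt"])))
```

An `unreadable` verdict is returned separately so the mail policy can decide whether to hold or pass archives that cannot be listed.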