Print Page | Close Window

Feature request: blacklist exe in zip

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
Printed Date: 11 December 2018 at 1:25pm

Topic: Feature request: blacklist exe in zip
Posted By: Shade
Subject: Feature request: blacklist exe in zip
Date Posted: 02 October 2010 at 3:14am
Dear Logsat,

Is there a way to add this feature: when a zipped attachment comes with exe file (lot of these type of spams at this time, and Norman's antivirus don't catch all) reject emails with .exe, .bat, .pif etc. in zipped attachments ?

Thank you for reply,
Best regards.

Posted By: LogSat
Date Posted: 02 October 2010 at 1:43pm
We've added the request to the wish list, but I have to say that I'm not sure this will ever be implemented, since very often zip archives do contain .exe files in them. At that point, it may be to block the entire zip to begin with, since such a high percentage of them will contain .exe's.

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Posted By: Shade
Date Posted: 02 October 2010 at 2:33pm
Dear Roberto,

I disagree with your opinion. Zip archive can contain documents, text file, serial keys, etc. When this is an exe, there is a high percentage that this is a virus, but if no filter can told this zip is exe or this zip is text file, this is difficult to block all zip files from our customers...

Best regards, Raphael.

Posted By: AndrewD
Date Posted: 06 October 2010 at 8:18pm
I have to say i agree with Roberto on this one.
Yes zip files can contain anything. And i often get people to zip an exe to send it to me. it is easyer than asking them to rename the extension.
Also you can within exchange block attachements by type, and have them put into a removed attachments folder within the network. This is a far better thing than relying on the end user to look at the quarantine list and from the limited information that they will have (or understand) from the header information, decide to get that file delivered. 
I understand that your Antivirus is not doing it to all messages, so perhaps the question should be put to the Normon support. Maybe (file size limit, etc.).

Posted By: Shade
Date Posted: 07 October 2010 at 3:54am

First, all of us does not necessarily using exchange (it's my case); Second I think with a such option, end users (and operators offering service) could decide to block, quarantine, or reject, simply this type of email.

That my point of view, but for the moment I'll find another working solution (like storing all packed files in quarantine, and then deliver it, or not, with another script).

Print Page | Close Window