Spam Filter ISP Support - Password Protected Zip Files

Password Protected Zip Files

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=3065
Printed Date: 28 August 2025 at 4:02pm

Topic: Password Protected Zip Files

Posted By: kspare
Subject: Password Protected Zip Files
Date Posted: 04 March 2004 at 12:01am

Because of the recent virus with a password protected zip, I am blocking zip files, the only software that can detect this virus without extracting the file inside that I have found is groupshield, so what is everyone doing to protect against this? I realize you can educate end users but let's face it, most of them have problems finding the power button for their monitor before callin in a help desk call because their computer is dead.....

I run trend, nai and symantec virus gateways and it makes it past all of these.....any ideas?

Replies:

Posted By: Guests
Date Posted: 04 March 2004 at 12:16am

I have been having good results with NetShield from NAI. Unfortunatly it is no longer available from NAI. I have been trapping and deleteing all three of the current outbreak virus's Netsky.d, Mydoom.f and Bagle.j. The ones that make it past the attachment filter get caught in the que folder with Netshield. Any that get past that scan get scanned once more on the mail server which has more time to perform scans since most incoming mail tends to sit awhile before it gets retrieved.

Since I upgraded to SF2.0302 I have noticed that I have not had any dialup clients get a virus so the new attachment filter seems to be working pretty good now.

Posted By: kspare
Date Posted: 04 March 2004 at 8:31am

Kinda the same thing I am doing, except I don't really want to block *.zip but due to the fact that only exchange server virus software is able to find the virus in a password protected zip file, I have to until this virus goes away. I guess i'll have to keep doing this for now.

Posted By: Desperado
Date Posted: 04 March 2004 at 8:38am

WebShield SMTP 4.5 (nai) as of 24 hours ago, does block the new varient of bagle. However, in addition, I sent the following to all our customers prior to getting the updated "Dat" file.

We have just been alerted by one of our customers of a Virus Warning CLAIMING to come from us (Mags Net). They have forwarded the message to me and I am looking into it now. DO NOT, under any circumstances EVER open any attachments claiming to have come from Mags Net support. We will NEVER send any attachments to our customers, password protected (as this one claims) or otherwise.

The message, in all probability, is a virus and we will do what ever is needed to make sure this does not spread.

Also please note that the Mags Net personnel, are fairly literate and a lot of the bogus messages claiming to be special virus fixes are usually filled with grammatical errors along with spelling errors. We (and especially myself) do, however misspell and miss type but the errors in the above type of messages are more obvious than simple errors.

As usual, please do not ever open any attachments that you are not specifically expecting.

Regards,

Dan S.

Posted By: kspare
Date Posted: 04 March 2004 at 9:24am

Ok, nevermind :) I was missing a patch for webshield, it's working now :) <insert pointing and laughter here>

Posted By: Guests
Date Posted: 04 March 2004 at 8:13pm

logsat tcp 25 -> webshieldmr1a tcp 26 -> mailproduct tcp 27

way to go !

no virus for my 3500 users so far... logsat kills spam en 30% of the virusses,

webshield kills virusses, use autoupdate every 2 hours on the nearest nai.com mirror,

and then the default mailproduct you use ... i have 1 server running it all on 1 nic.

(logsat to webshield to software.com post.office)

great combination of products. high performance.

-eric-