Spam Filter ISP Support Forum


Antivirus and password-protected zips

LogSat (Admin Group)
Posted: 21 October 2006 at 4:32pm
Some email viruses contain password-protected zip attachments that could not be scanned by SpamFilter's antivirus plugin. Until now, the only solution to stop them was to configure SpamFilter to block all emails containing password-protected compressed attachments.

We're beta testing a new version of the antivirus plugin that attempts to crack the password for the zip so that its contents can be scanned. If you've purchased the antivirus plugin, or have an evaluation activation code, you may use the new feature by using an updated DLL file. The file is dwnse.dll, and is in SpamFilter's program directory. Simply stop SpamFilter, replace the old DLL, and restart SpamFilter.

The updated file is available at www.logsat.com/spamfilter/pub/dwnse.zip

Please also verify that the correct NCL.DLL file is on your server. It's in the \SpamFilter\nse\bin directory. The correct file size is 212KB (217088 bytes), and should be dated 9/27/06 or later. This file should automatically be updated along with the virus definitions. If it's not, you can download it from:
www.logsat.com/spamfilter/pub/ncl.zip


Edited by LogSat
Roberto Franceschetti

LogSat Software

Spam Filter ISP

mikek (Senior Member)
Posted: 23 October 2006 at 4:32am
I have an existing Norman Antivirus Installation on my server. The NCL.DLL is therefore in c:\program files\norman\nse, but is dated 08/24/2006. The Norman Installation is up to date, but I did not receive a new NCL.DLL since then.

Can I safely replace the NCL.DLL with your version?

LogSat (Admin Group)
Posted: 23 October 2006 at 8:44am
Strange, as the updated NCL.DLL should have been automatically updated by your existing Norman back in September, as it's not SpamFilter-specific. It's the Norman Compression Library, and is the updated file by Norman that has extra capabilities in dealing with compressed archives. Is the file size for your existing file different than the one reported in the thread? If it's the same, you probably received the update before we did, and in that case there's no need to update.

If it's different, I'm afraid I don't have a final answer. I would not think this would be an issue, but it's a configuration we have not tested so cannot be 100% sure.
Roberto Franceschetti

LogSat Software

Spam Filter ISP

mikek (Senior Member)
Posted: 23 October 2006 at 8:53am
hmm, really is strange - spamfilter shows that the version dated 9/27/06 is loaded, but I haven't been able to find that version on my hard disk... a complete disk search is running as I type...

mikek (Senior Member)
Posted: 23 October 2006 at 11:14am
now I'm totally confused - there is no ncl.dll dated 9/27/06 on the hard disk, but spamfilter shows that version as loaded.

using Sysinternals Process Explorer, I can see that spamfiltersvc.exe has c:\program files\norman\nse\bin\ncl.dll loaded, which is dated 08/24/06 and has a size of 212'992 bytes...

mikek (Senior Member)
Posted: 23 October 2006 at 11:28am
ok, I think I found the reason:
I deleted the ncl.dll date in spamfilter.ini and restarted the service. Sure enough, ncl.dll got downloaded (as ncl.dll~) but it could not be replaced since our mail server on the same machine is using the file as well. Spamfilter didn't notice this though and wrote the date of the downloaded ncl.dll into spamfilter.ini although the "old" version was still loaded.

It's funny though that the update function of Norman Antivirus itself does not download the new ncl.dll...
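
The check described in the posts above, as an added example that is not part of the original thread and is not LogSat's code: it compares the ncl.dll on disk and the copy actually mapped into spamfiltersvc.exe against the size and date given in the first post, and reports a leftover ncl.dll~ and the processes holding the file. The directory, process name, size and date are the ones quoted in this thread; that ncl.dll~ sits in the same directory as ncl.dll is an assumption. Run it from an elevated prompt so the module lists of services are readable.

```powershell
# Added example: values below are taken from the thread unless marked as assumptions.
$ExpectedSize = 217088                             # bytes, from the first post
$MinDate      = [datetime]'2006-09-27'             # "dated 9/27/06 or later"
$NseBin       = 'C:\Program Files\Norman\nse\bin'  # mikek's path; a plugin-only install uses \SpamFilter\nse\bin
$ServiceProc  = 'SpamFilterSvc'                    # spamfiltersvc.exe

function Test-NclFile {
    param([string]$Path, [string]$Source)
    $f = Get-Item -LiteralPath $Path -ErrorAction Stop
    [pscustomobject]@{
        Source   = $Source
        Path     = $f.FullName
        Size     = $f.Length
        Modified = $f.LastWriteTime
        SizeOk   = ($f.Length -eq $ExpectedSize)
        DateOk   = ($f.LastWriteTime.Date -ge $MinDate)
    }
}

# 1. The file as it exists on disk.
$onDisk = Test-NclFile (Join-Path $NseBin 'ncl.dll') 'on disk'

# 2. The copy mapped into the running service (what Process Explorer showed).
$loaded = Get-Process -Name $ServiceProc -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Modules } |
    Where-Object { $_.ModuleName -ieq 'ncl.dll' } |
    ForEach-Object { Test-NclFile $_.FileName "loaded by $ServiceProc" }

# 3. A downloaded update that was never swapped in (assumed to sit beside ncl.dll).
$pending = Get-Item -LiteralPath (Join-Path $NseBin 'ncl.dll~') -ErrorAction SilentlyContinue

# 4. Every process that has the on-disk file mapped and therefore blocks its replacement.
$holders = Get-Process | Where-Object {
    try { $_.Modules.FileName -contains $onDisk.Path } catch { $false }
}

@($onDisk; $loaded) | Where-Object { $_ } |
    Format-Table Source, Path, Size, Modified, SizeOk, DateOk -AutoSize

if ($pending) {
    Write-Warning "Pending update $($pending.FullName) ($($pending.Length) bytes) was not installed."
}
if ($holders) {
    Write-Warning ('ncl.dll is held open by: ' + (($holders.ProcessName | Sort-Object -Unique) -join ', '))
}
if (-not ($onDisk.SizeOk -and $onDisk.DateOk)) {
    Write-Warning 'ncl.dll on disk does not match the size/date given in this thread.'
}
```

With the state mikek describes (an 08/24/06 file of 212,992 bytes still loaded and a downloaded ncl.dll~ next to it), all three warnings fire; stopping the listed processes before replacing the file clears them.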

Vader (Newbie)
Posted: 26 October 2006 at 8:21am
For some reason my ncl.dll is dated 5/8/2006. Tried the link provided but it takes me to http://logsat.com

LogSat (Admin Group)
Posted: 26 October 2006 at 8:30am
Yep, sorry. While the address displayed on the forum is correct, the hyperlink itself was relative instead of full.
Roberto Franceschetti

LogSat Software

Spam Filter ISP

mikek (Senior Member)
Posted: 31 October 2006 at 10:17am
manually installed the new ncl.dll together with the updated dwnse.dll and SF build 605, and all seems to be ok (on the anti-virus side, sfdb timeouts see other thread)