Spam Filter ISP Support - Feature request: blacklist exe in zip

Feature request: blacklist exe in zip

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6878
Printed Date: 27 December 2024 at 12:48pm

Topic: Feature request: blacklist exe in zip

Posted By: Shade
Subject: Feature request: blacklist exe in zip
Date Posted: 02 October 2010 at 3:14am

Dear Logsat,

Is there a way to add this feature: when a zipped attachment comes with exe file (lot of these type of spams at this time, and Norman's antivirus don't catch all) reject emails with .exe, .bat, .pif etc. in zipped attachments ?

Thank you for reply,
Best regards.

Replies:

Posted By: LogSat
Date Posted: 02 October 2010 at 1:43pm

We've added the request to the wish list, but I have to say that I'm not sure this will ever be implemented, since very often zip archives do contain .exe files in them. At that point, it may be to block the entire zip to begin with, since such a high percentage of them will contain .exe's.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: Shade
Date Posted: 02 October 2010 at 2:33pm

Dear Roberto,

I disagree with your opinion. Zip archive can contain documents, text file, serial keys, etc. When this is an exe, there is a high percentage that this is a virus, but if no filter can told this zip is exe or this zip is text file, this is difficult to block all zip files from our customers...

Best regards, Raphael.

Posted By: AndrewD
Date Posted: 06 October 2010 at 8:18pm

I have to say i agree with Roberto on this one.

Yes zip files can contain anything. And i often get people to zip an exe to send it to me. it is easyer than asking them to rename the extension.

Also you can within exchange block attachements by type, and have them put into a removed attachments folder within the network. This is a far better thing than relying on the end user to look at the quarantine list and from the limited information that they will have (or understand) from the header information, decide to get that file delivered.

I understand that your Antivirus is not doing it to all messages, so perhaps the question should be put to the Normon support. Maybe (file size limit, etc.).

Cheers

Andrew

Posted By: Shade
Date Posted: 07 October 2010 at 3:54am

Andrew,

First, all of us does not necessarily using exchange (it's my case); Second I think with a such option, end users (and operators offering service) could decide to block, quarantine, or reject, simply this type of email.

That my point of view, but for the moment I'll find another working solution (like storing all packed files in quarantine, and then deliver it, or not, with another script).