RE: Recomendations on gateway antivirus

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 4 Mar 2004 16:14:43 -0800

Responding to 2 different posts by the same person:

> John, see my post re eScan & MailScan - they do! Try it for yourself
> . What can I say, I have not seen any infection on any of
> my clients since we started using eScan over 2 years back. I am now
> beginng to miss my virus cleanups :(

> "But, we are proud to share with you the fact that users of the recently
> released MailScan 4.2 and eScan 2003 'e' edition, will all be protected
> against such scums.  This is primarily because both these products
> email-scanning engine has a feature to look inside a ZIP file
> (irrespective of whether it is password-protected or not) and then
> removing this ZIP file itself if it is found to be having a dangerous
> attachment. So, if you wondered how come you never received such worm
> infected mails, you now know the reason for the same :-)"

My statement stands. They admit (without saying it) that even they can not
catch a virus such as Bagle.J inside of an encrypted zip file. All they are
doing is banning the fact that there is an executable file within the zip.
The software I use does that as well very nicely. 

To reiterate, there is yet no Anti-Virus scanning engine that can find and
identify a virus such as Bagle.J inside of an encrypted zip file.

BTW, striping an e-mail of an "harmful" attachment and then sending is not
the recommended course of action.

John Tolmachoff
eServices For You

Other related posts: