I have no knowledge or experience with GFI products but the following article from the GFI knowledgebase seems to imply that the product cannot scan password protected ZIP files - but that it can be configured to allow them to be delivered .... I see that the article lists version 8.0 as one of the versions that can be configured in this way. http://kbase.gfi.com/showarticle.asp?id=KBID001567 -----Original Message----- From: Nick Smith [mailto:nick@xxxxxxxxxxxxxxx] Sent: Friday, 5 March 2004 9:21 a.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips) Ummmm...it's under the Decompression Engine Settings in my version 8.0 Nick -----Original Message----- From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx]=20 Sent: 04 March 2004 16:26 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips) How does it decompress it without the password? Are they running a cracking program to get the password so it can scan the archive? I am using MailSecurity at another office and see nothing in settings about this feature. Is it just something they say it does?=3D20 -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Stephen Herrera Sent: Thursday, March 04, 2004 10:12 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips) GFI MailSecurity's decompression engine checks password protected =3D3D archives. steve -----Original Message----- From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx]=3D3D20 Sent: Thursday, March 04, 2004 6:22 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: Security response to BAGLE virus =3D3D (passwordprotected .zips) Blocking the specific filename attachments that Bagle and it's variants use. These are documented by SARC and others. This lets me accepts legit .ZIPs but not the virus. This is a short term option as I expect, very soon, a variant (or new virus) that randomly generates encrypted .ZIPs.=3D3D3D20 Some people on Focus-VIRUS mailing list are blocking attachment under a certain size. Others block .ZIP entirely. The only methods are filtering methods. No AV scanning products can pick up the virus itself inside a password protected ZIP. The AV companies need to come up with something quick! =3D3D3D20 -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers Sent: Thursday, March 04, 2004 9:02 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips) We've got Clearswifts Mailsweeper here, and have blocked (well, ok, mailswe=3D3D3D3D eper distribute lists) all the phrases that the worms = =3D use. We've also got s=3D3D3D3D ize limits set on the attachments, so we can = =3D stop =3D3D =3D3D3D all attachments of type x=3D3D3D3D under size y! Andrew --o-- >>> BClaus@xxxxxxxxxxxxx 04/03/04 13:28:12 >>> Just wondering what others are doing to combat the latest BAGLE worm. =3D3D3D3D3D It's password protected so standard AV won't scan into it. = =3D How =3D3D is =3D3D3D3D3D everyone else handling delivery of .zip files = now? We're using the Trend Micro AV suite. Do you think the latest password protected BAGLE worm has caused the =3D =3D3D3D =3D3D3D3D3D demise of password protected .zip files? My immediate opinion in the matter is that password protected .zip files =3D3D3D3D3D will now be treated with the same delivery restrictions that = =3D the .exe, =3D3D3D3D3D .scr, .pif, .vbs have come under but I'm not aware of =3D any =3D3D AV software or =3D3D3D3D3D other means to differentiate scanning =3D options =3D3D between p\w protected .zip =3D3D3D3D3D files = and non p\w protected .zip files. Thanks, =3D3D3D3D3D20 _____ =3D3D3D3D3D20 =3D3D3D3D3D20 Brian Claus, A+, Network+, MCP Network Administrator WESCO Distribution, Inc. 225 West Station Square Drive, Suite 700 Pittsburgh, PA 15219-1122 Phone: 412-454-2412 Fax: 412-454-2540 bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>=3D3D3D3D3D20 _____ =3D3D3D3D3D20 ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=3D3D3D3D20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm=3D3D3D3D20 *********************************************************** For Archives, to Unsubscribe, Subscribe or=3D3D3D3D20 set Digest or =3D Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=3D3D20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=3D3D20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm