Jason wrote" > It seems to me, IMHO, that this is more along the way that AV scanning > should work in regards to archived files. > > 1. files are scanned on download, etc., but only one-level deep. > 2. AV's have archive and zip utility hooks in them that allow the AV > scanner to be notified when files are "unzipped". > > Then the idea is that you only check files when they become usable > (uncompressed). > > That won't help much with gateway virus scanners (ones that sit at SMTP or internal email server). No, the AV guys are right to decompress and scan. They should just limit the number of levels down it will go and the amount of memory it will reserve to do so. Trend and CA work this way. I can't speak for the others. Dan Schrader Gilian Technologies (formally with the AV teams of both Trend Micro and CA) __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 21:37:54 PDT