pizzaco
For business reasons, I cannot block zip files, but I haven't found a way to enable blocking inside of zip files.
The executable content blocking method sees the attachment as a zip file, so you must block zip files if you want to "block" other executable content that is within the zip file.
You need to adopt a different approach.
One approach to minimise exposure is to block ZIPv1 files, which are far more prevalent as viruses, and allow ZIPv2, which is a newer format being used more so these days & seems to be less prevalent with viruses.
Alternatively block all zip files, ZIPv1 & ZIPv2, & ask people to send rar files.
Make that your system policy for security reasons. You have to decide which is worse: the damage & disruption caused by a virus infection, or user disruption due to being unable to send zip files (for which other methods exist). Some re-education of your users is required here.
WinRAR or similar is easily available & does compress to zip or rar formats, so for a user creating source zip or rar format files, there is very little difference for them to do.
You can also create a webshare or webdav (or similar) upload site so users who must or can only send zip files, can upload them to your server securely instead of emailing them. Then you can scan them when retrieving from the upload site.
Another approach is to have an external email account that you collect mail from using POP, and when any external users say they are unable to send to your normal email address, you ask them to use this special email address just for sending zip attachments. I suggest you do not freely advertise this address; you only give it to people on an "as needed" basis & monitor it carefully with antivirus software on the workstation that accesses the POP account.
The methods outlined above work satisfactorily for me in a business environment.
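Added example, not part of the original posts: because the attachment filter only sees the zip container, a check on files retrieved from the upload site or the POP mailbox has to open the archive and look at member names itself, including zips nested inside zips. The extension list, limits and function names below are assumptions chosen for illustration.

```python
import io
import posixpath
import zipfile

# Assumed block list for illustration; substitute your own mail policy's list.
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs", ".lnk"}
MAX_DEPTH = 3                         # assumed limit on nested archives
MAX_MEMBER_BYTES = 20 * 1024 * 1024   # assumed cap on a nested zip's declared size


def inspect_zip(data, depth=0, prefix=""):
    """Return (member_path, reason) findings for a zip held in memory."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<archive>", "not a readable zip")]
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            ext = posixpath.splitext(info.filename.lower())[1]
            if ext in BLOCKED_EXT:
                findings.append((path, "blocked extension " + ext))
            if info.flag_bits & 0x1:
                # Encrypted member: the name is visible but the content cannot be scanned.
                findings.append((path, "encrypted member"))
                continue
            if ext == ".zip":
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nesting too deep"))
                elif info.file_size > MAX_MEMBER_BYTES:
                    findings.append((path, "nested zip too large"))
                else:
                    findings += inspect_zip(zf.read(info), depth + 1, path + "!")
    return findings


def build_sample():
    """Constructed sample: a text file plus a nested zip holding an .exe-named entry."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.exe", b"placeholder bytes, not a program")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("docs/inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in inspect_zip(build_sample()):
        print(path, "->", reason)
```

A name-based check like this complements the antivirus scan on the retrieving workstation rather than replacing it, since it does not examine file content.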