On Sun, 14 Mar 2004, Stefanie Ploof wrote:
> FYI, the very newest Beagle virus out today, called W32.Beagle@mm!rar,
> comes with .rar (rather than .zip) attachments. I have asked TSG if we
> block against .rar attachments at the email gateway because I honestly
> cannot remember, and I am waiting for a response.
We treat rar files exactly as we do zip files. The email virus gateways
open up rar archives and scan them. If it doesn't detect viruses, it
sends the message and attachment along unmodified. If it detects a virus,
it drops the attachment, appends the notification banner indicating a
virus was found, and modifies the subject with [VIRUS REMOVED]. If it
can't scan the archive because it's password protected, it drops the
attachment and appends the banner about "dangerous" file types, and
recommends using the filetransfer page.