Password protected content blocked in content Quarantine

Sylvain Viart
Added about 4 years ago

If you want to whitelist a sending domain towards this feature, please read :

https://support.mailcleaner.net/boards/3/topics/61-password-protected-archives-manage-a-whitelist

Archive that MailCleaner can't read are identified as dangerous and consequently blocked in Content quarantines. Password protected archive is a very well known way used to distribute viruses, as the archive can be modified without knowing the password. There's no possibility to enable white-listing for such content.

Please note that those crypted content in archive offer a very limited protection.

As a workaround we can propose:

  • encrypt mail with PGP / smime, will not be blocked by MailCleaner
  • drop the secure content on an online storage with restricted access, no attachment are sent, only a private link.
  • sent your secure content through another private domain , not filtered by MailCleaner.

Are password-protected ZIP files secure?

Extract of this conversation for extra information about security and password protected archive.

source: http://security.stackexchange.com/questions/35818/are-password-protected-zip-files-secure

Following my answer. If I can list contents of password-protected ZIP file, check the file types of each stored file and even replace it with another one, without actually knowing the password, then does the ZIP files can be still treated as secure?

This is completely insecure in terms of social engineering / influence etc.

I can hijack (intercept) someone else's file (password-protected ZIP file) and I can replace one of files it contains, with my one (fake, virus) without knowing the password. Replaced file will remain unencrypted, not password-protected inside ZIP, but other files won't be modified.

If victim unpack a password-protected archive, extracting program will ask for the password only once, not every time per each file. So, end user will not see difference -- whether program does not ask for a password, because it already knows it (original file) or because that one doesn't need a password (file modified by me). This way, I can inject something really bad into password-protected ZIP file, without knowing its password and still count on, that receiver will be fouled and assume, file is unmodified.

Am I missing something or this is really wrong? How can we say about something in terms of security, if password is not required to introduce any modifications in password-protected file?