-
I have come across this type of device of backdooring/infecting while browsing some websites. Well, yeah, these sites tend to cater to "hackers" or misled users. They tell you to download the file if you want their product, but you have to unlock the RAR with their key. Of course, I didn't fall for their trickery. So virus boxes' target audience: "people who don't know better."
I think you're all safe here.
-
If strong encryption is used, both RAR and ZIP files are basically locked. I ran a cracker against a RAR for weeks with no results, let alone having some virus scanner do it on the fly. Ain't going to happen. Besides, encrypted files with no key could violate data retention regulations and policies. Not to mention your whole customer/patient/financial database going out the window without your knowledge.
So unknown encrypted files are treated as hostile according to my policy. They are quarantined based on user. For example, I "trust" the CEO to send encrypted file attachments to certain people. They are allowed. Everyone else is quarantined. The scanner can see when a file is encrypted; those files are stripped and dumped in a bucket on the network for 30 days and deleted.
If Bob in Sales comes to me and I believe him when he says a new proposal for a new project was in the email and it was blocked, I can release it with 2 mouse clicks. I can then ask Bob to use my generic password in the future and scan his PC that night just in case. In fact, every PC is scanned overnight and results reported.
On the other side, your virus solution should have an "on access" scanner that will detect known viruses when the RAR is opened on the local PC and executed.
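The quarantine policy described in the post above, sketched as an added example that is not part of the original thread and not any product's code. It covers ZIP only (the encrypted flag is bit 0 of each member's general-purpose flags); the allowlist entries, addresses, function names and the choice to quarantine unparseable archives are assumptions, and the sample archive is constructed.

```python
import io
import zipfile
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # hold period named in the post
# Hypothetical allowlist: (sender, recipient) pairs trusted to exchange encrypted files
ALLOWED = {("ceo@example.com", "cfo@example.com")}

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def decide(sender: str, recipient: str, data: bytes, now: datetime):
    """Return (action, purge_after) for one ZIP attachment."""
    try:
        encrypted = zip_is_encrypted(data)
    except zipfile.BadZipFile:
        # Assumption: an archive the scanner cannot parse is held like an encrypted one
        return ("quarantine", now + RETENTION)
    if not encrypted:
        return ("scan", None)              # content is readable: normal AV scan
    if (sender, recipient) in ALLOWED:
        return ("deliver", None)           # trusted pair: encrypted file allowed
    return ("quarantine", now + RETENTION) # stripped, held 30 days, then deleted

def make_zip(encrypted: bool) -> bytes:
    """Constructed sample: one-file ZIP; optionally set the encrypted flag in the
    central directory so it looks password-protected to a scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("proposal.txt", "constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:
        cd = raw.rfind(b"PK\x01\x02")  # central directory file header signature
        raw[cd + 8] |= 0x01            # low byte of the general-purpose flags
    return bytes(raw)

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for sender, rcpt in [("ceo@example.com", "cfo@example.com"),
                         ("bob@example.com", "client@example.net")]:
        print(sender, "->", rcpt, decide(sender, rcpt, make_zip(True), now))
```
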