As reported last month by the FBI, dangerous email-borne viruses are on the rise. In an effort to up our game, we recently investigated partnering with a couple of the top virus detection companies to increase our catch rate. Perhaps not too surprisingly, we found that these virus scanning companies were unable to block anything that we were not already blocking. Yes, it’s true that these companies were good at catching viruses that are over 24 hours old, but our own filters already get updated much faster than that (and we’re not about to delay email that long anyway).
The good news is that we’ve been simultaneously developing new technologies to block “zero hour” viruses and have been starting to see some real improvements.
Unfortunately, in the past 48 hours, we’ve seen at least one major campaign slip through even with this new filtering layer that we’ve created. Upon investigation, we discovered that the technology that we use to extract .zip attachments failed to extract the files in this particular campaign and so our systems didn’t see the attachment. This was because the spammer used a non-standard method to encode the attachment. We’ve identified a solution and hope to have it rolled out to all filtering servers today.
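The failure described above is a fail-open: the extractor could not read the archive, so the scanners never saw its contents. As an added example (not our production code), the Python below treats any archive it cannot open as a quarantine signal and also recognizes zip data by its signature rather than by the declared type. All function names and sample messages are constructed for illustration, and the truncated archive stands in for any attachment an extractor cannot parse, since the encoding used in the campaign is not described here.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # zip local file header signature
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def inspect_message(raw: bytes) -> dict:
    """Fail closed: an archive the filter cannot open is quarantined, not skipped."""
    msg = message_from_bytes(raw, policy=policy.default)
    result = {"verdict": "scan", "members": [], "reasons": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        declared = name.lower().endswith(".zip") or part.get_content_type() in ZIP_TYPES
        sniffed = data.startswith(ZIP_MAGIC)  # zip bytes under any name or type
        if not (declared or sniffed):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # These members are what the content scanners must be given.
                result["members"] += zf.namelist()
        except Exception as exc:  # any extraction failure is a quarantine signal
            result["verdict"] = "quarantine"
            result["reasons"].append(f"{name or 'unnamed part'}: unreadable archive ({exc})")
    return result

def build_sample(payload: bytes, subtype: str, filename: str) -> bytes:
    """Constructed test message; not traffic from the campaign in this post."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()

def make_zip() -> bytes:
    """Build a small, harmless zip in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    return buf.getvalue()

if __name__ == "__main__":
    good = make_zip()
    print(inspect_message(build_sample(good, "zip", "report.zip")))
    print(inspect_message(build_sample(good, "octet-stream", "report.dat")))
    print(inspect_message(build_sample(good[: len(good) // 2], "zip", "report.zip")))
```
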
As always, we recommend exercising caution when dealing with emails with .zip attachments. If you would prefer to block all emails that contain .zip attachments, you may do so by following the instructions in our knowledge base:
We are working hard to be the most accurate filter in the industry. Our recent filtering upgrades to block zero hour viruses have definitely helped. Had it not been for the bug in the .zip extraction we saw, this virus would have been blocked by these upgrades. Having the lowest false positive rates while also blocking almost 100% of spam and viruses isn’t easy to achieve, but it’s a goal we’re constantly striving to achieve and maintain. Thanks for sticking with us… much more to come!