PDA

View Full Version : Where does ZoneAlarm MailSafe quarantine suspect attachments?



Billy T
01-10-2002, 10:55 AM
Hi Team

ZA MailSafe just picked up a suspect attachment (with an xxx.doc.xxx file name) and since it looks like it comes from one of my clients, I want to look at it to see what the original file type was in case it is legit.

Using Ztree I have done a full computer search for the file name (book favs.doc.zlo) but can't find it anywhere. Curiously, ZA usually numbers quarantined files zl0 to zl9 but this is definitely zlo. I couldn't find it searching on either suffix anyway.

I use Outlook so my best guess is that it's hidden in Outlook.pst.

Does anybody know where else to look? I can always try to open it and then ZA will let me save it instead of opening, but I have a pathological aversion to attempting to open any suspect file.

I don't want to go direct to the client until I am sure it is a problem.

Oh yes, and another funny thing, my search turned up a copy of W32.Magistr.39921@mm in the Norton Quarantine but Nortons said that their quarantine was empty. Now manually deleted but go figure ?:|

Cheers

Billy 8-{)

Mike
01-10-2002, 11:03 AM
> Using Ztree I have done a full computer search for
> the file name (book favs.doc.zlo) but can't
> find it anywhere. Curiously, ZA usually numbers
> quarantined files zl0 to zl9 but this is definitely
> zlo. I couldn't find it searching on either suffix
> anyway.

If it was a xxxx.doc.xxxx file, wouldn't it be something like "book favs.doc.xxxx.zlo"?

Mike.

Billy T
01-10-2002, 11:48 AM
Sorry Mike, ZA always replaces the actual file type with zl plus a single digit file number. It doesn't add a further suffix.

I think I can read the original file type if I try to open it but that would be an unnecessary risk IMHO.

If I can't find it ,I'll just delete it, but for reasons stated I'd like to know what it is all about.

Cheers

Billy 8-{)