Some e-mail worms, like the widespread Bagle-family, uses
password-protected files in an attempt to fool antivirus
scanners. F-Secure Anti-Virus provides methods that can be used
to detect the presence of suspicious files inside encrypted
archive files. These methods provide generic detection and work
for all present and future worms that uses a similar technique.
These features are disabled by default due to the fact that they
may have a negative impact on the scanning performance or block
some legitimate attachments in mail traffic. This article
describes how a user can enable these features and ensure that
worms can't replicate using password-protected archives.
More information can be found from our Support pages:
http://support.f-secure.com/enu/corporate/supportissue/general/general-issue-...
F-Secure Corporation