The Intrusion Prevention System (IPS) can see the contents of the zip file; however, the IPS is not able to read the actual contents of the files within the zip file. The IPS does act on the file extensions of the files contained in the zip file. For example, if you have a filter set to Block/Notify on an SMTP ZIP attachment containing files with a .exe extension, then a zip file containing a file with an .exe extension would be blocked. Digital Vaccine filters (when enabled) look for the following file extensions:
- bat
- cmd
- cpl
- dll
- dmg
- exe
- hlp
- htm
- pif
- pkg
- rar
- src
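
The sketch below is an added example, not the IPS vendor's code. It shows why member names can be checked while file contents stay unread: ZIP local file headers store each name uncompressed ahead of the compressed data. Matching on the final extension only, the function names, and the sample archive are assumptions made for the illustration.

```python
import io
import struct
import zipfile

# Extensions listed on this page for the Digital Vaccine filters.
WATCHED = {"bat", "cmd", "cpl", "dll", "dmg", "exe", "hlp", "htm",
           "pif", "pkg", "rar", "src"}
LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")  # 30-byte ZIP local file header
LOCAL_SIG = 0x04034B50                        # b"PK\x03\x04"


def member_names(data: bytes) -> list[str]:
    """Walk local file headers and return member names without inflating data."""
    names, pos = [], 0
    while pos + LOCAL_HEADER.size <= len(data):
        (sig, _ver, flags, _method, _time, _date, _crc,
         comp_size, _size, name_len, extra_len) = LOCAL_HEADER.unpack_from(data, pos)
        if sig != LOCAL_SIG:
            break  # reached the central directory
        start = pos + LOCAL_HEADER.size
        raw = data[start:start + name_len]
        names.append(raw.decode("utf-8" if flags & 0x800 else "cp437"))
        if flags & 0x08:
            break  # sizes deferred to a data descriptor; cannot skip ahead
        pos = start + name_len + extra_len + comp_size
    return names


def flagged_members(data: bytes) -> list[str]:
    """Return member names whose final extension is on the watched list."""
    return [n for n in member_names(data)
            if "." in n and n.rsplit(".", 1)[-1].lower() in WATCHED]


def build_sample() -> bytes:
    """Constructed sample archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", "placeholder text " * 20)
        zf.writestr("tools/Setup.EXE", "not a real executable " * 20)
        zf.writestr("notes.exe.txt", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(flagged_members(build_sample()))
```

Because only the name is inspected, a renamed file passes this kind of check and a harmless file with a watched extension is flagged, which is the practical consequence of the IPS not reading the files themselves.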