[Dshield] The truth about scanning password-protected .zip files

Johannes B. Ullrich jullrich at sans.org
Mon Mar 8 12:54:45 GMT 2004

> virus scanner can actually find a virus in a
> password-protected zip file. Is this technically
> possible?

I think at least Kaspersky announced that they added 
this function to their virus scanner. If an encrypted
zip file is found, the scanner will try to decrypt it
using words it finds in the body of the email.

I have no idea how well that works, or how many resources
this takes up.

While there are some methods to more or less brute force zip 
file passwords, I don't think any virus scanner is using these
(probably too expensive for a virus scanner).

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
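
The approach described in the message above (trying words from the e-mail body as the archive password), as an added Python example that is not part of the original post and not any vendor's implementation. The function names, the limits, the sample body and the fixture built by `make_encrypted_zip` are constructed for illustration; only traditional ZipCrypto entries are handled, because Python's `zipfile` does not decrypt AES entries.

```python
import io, struct, zipfile, zlib

def candidate_passwords(body, limit=500):
    """Unique body tokens in order of appearance, raw and with edge punctuation stripped."""
    seen = {}
    for tok in body.split():
        for cand in (tok, tok.strip(".,;:!?\"'()[]<>")):
            if cand:
                seen.setdefault(cand, None)
    return list(seen)[:limit]          # cap the number of attempts per message

def try_body_words(zip_bytes, body, max_size=10 * 1024 * 1024):
    """Return (password, {name: plaintext}) if a body word opens every encrypted member."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        locked = [zi for zi in zf.infolist() if zi.flag_bits & 0x1]  # bit 0 = encrypted
        if not locked or any(zi.file_size > max_size for zi in locked):
            return None, {}            # nothing to do, or too large to unpack in a scanner
        for word in candidate_passwords(body):
            try:
                return word, {zi.filename: zf.read(zi, pwd=word.encode()) for zi in locked}
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                continue               # wrong password, failed CRC, or unsupported entry
    return None, {}

def make_encrypted_zip(name, data, pwd):
    """Constructed fixture: one stored member under traditional PKWARE (ZipCrypto) encryption."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def upd(c):                        # key update, as in the PKWARE APPNOTE
        k[0] = zlib.crc32(bytes([c]), k[0] ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = zlib.crc32(bytes([k[1] >> 24]), k[2] ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
    for c in pwd:
        upd(c)
    crc, enc = zlib.crc32(data), bytearray()
    for p in bytes(11) + bytes([crc >> 24]) + data:  # 12-byte header (zeros here, random in practice) ends in a CRC check byte
        t = k[2] | 2
        enc.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        upd(p)
    n = name.encode()
    common = struct.pack("<HHHHHIIIHH", 20, 1, 0, 0, 0x21, crc, len(enc), len(data), len(n), 0)
    local = b"PK\x03\x04" + common + n + bytes(enc)
    central = b"PK\x01\x02" + struct.pack("<H", 20) + common + struct.pack("<HHHII", 0, 0, 0, 0, 0) + n
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

BODY = "Here is the file you asked for. The password is 48213, open it soon."  # constructed
SAMPLE = make_encrypted_zip("doc.txt", b"constructed attachment payload", b"48213")

if __name__ == "__main__":
    print(try_body_words(SAMPLE, BODY))
```

A returned plaintext would then be handed to the normal scanning engine; a `(None, {})` result leaves the attachment unscanned, so policy still has to decide what to do with it.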