[Dshield] The truth about scanning password-protected .zip files
Johannes B. Ullrich
jullrich at sans.org
Mon Mar 8 12:54:45 GMT 2004
> virusscanner can actually find a virus in a
> password-protected zip file. Is this technically
I think at least Kaspersky announced that they added
this function to their virus scanner. If an encrypted
zip file is found, the scanner will try to decrypt it
using words it finds in the body of the email.
I have no idea how well that works, or how much resources
this takes up.
While there are some methods to more or less brute force zip
file passwords, I don't think any virus scanner is using these
(probably too expensive for a virus scanner).
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040308/82f7becf/attachment.bin
More information about the list