[Dshield] The truth about scanning password-protected .zip files
dlbntspy at yahoo.com
Mon Mar 8 17:30:17 GMT 2004
I ran across this article. Maybe it will be of some use.
Brian Dessent <brian at dessent.net> wrote:
Christophe Rome wrote:
> With the mass distribution of the bagle.f and bagle.j
> worms one would like to know for sure if his/her
> virus scanner can actually find a virus in a
> password-protected zip file. Is this technically
> possible? Have there been any official statements from
> AV-vendors about this?
ClamAV has detected them for some time now. I have dozens of lines like
the following in my reject logs:
Wed Mar 3 04:15:38 2004 ->
Wed Mar 3 04:15:45 2004 ->
Wed Mar 3 04:15:47 2004 ->
Wed Mar 3 04:15:50 2004 ->
Wed Mar 3 04:17:39 2004 ->
Wed Mar 3 04:17:41 2004 ->
Wed Mar 3 04:17:43 2004 ->
I think it detects them by the base64-encoded zip header.
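
Added example, not part of the original thread and not ClamAV's code: a sketch of why a filter can act on a password-protected zip without the password, since the local file header (name, CRC-32, sizes, encryption flag) stays in cleartext and its base64 form starts with a fixed prefix. The sample attachment, its file name and the function names are constructed for illustration.

```python
import base64
import struct

LOCAL_SIG = b"PK\x03\x04"
# Local file header: signature, version, flags, method, time, date,
# CRC-32, compressed size, uncompressed size, name length, extra length.
HEADER = struct.Struct("<4sHHHHHIIIHH")


def build_sample_attachment():
    """Constructed sample: one stored entry with the 'encrypted' flag set."""
    name = b"sample.exe"                     # constructed file name
    body = bytes(range(12)) + b"\xaa" * 20   # 12-byte crypto header + filler
    header = HEADER.pack(LOCAL_SIG, 20, 0x0001, 0, 0, 0,
                         0xDEADBEEF, len(body), 20, len(name), 0)
    return base64.encodebytes(header + name + body).decode("ascii")


def looks_like_zip_b64(b64_text):
    """Pre-filter on the still-encoded MIME body: base64 of PK\\x03\\x04."""
    return b64_text.lstrip().startswith("UEsDB")


def first_entry_metadata(b64_text):
    """Return the cleartext header fields of the first ZIP entry, or None."""
    raw = base64.b64decode(b64_text)
    if len(raw) < HEADER.size:
        return None
    (sig, _ver, flags, _method, _time, _date,
     crc, csize, usize, nlen, _xlen) = HEADER.unpack_from(raw)
    if sig != LOCAL_SIG:
        return None
    name = raw[HEADER.size:HEADER.size + nlen].decode("cp437", "replace")
    return {
        "name": name,
        "encrypted": bool(flags & 0x0001),       # bit 0: entry is encrypted
        "sizes_deferred": bool(flags & 0x0008),  # bit 3: CRC/sizes follow the data
        "crc32": crc,
        "compressed_size": csize,
        "uncompressed_size": usize,
    }


if __name__ == "__main__":
    sample = build_sample_attachment()
    print(looks_like_zip_b64(sample), first_entry_metadata(sample))
```

When `sizes_deferred` is true the CRC and sizes in the local header are zero, so a filter would have to read them from the central directory at the end of the archive instead.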