-----Original Message----- From: suse@rio.vg [mailto:suse@rio.vg] Sent: 11 March 2004 15:47 To: suse-security@suse.com Subject: RE: AW: [suse-security] NAI on unix do not find actual virus
Quoting Tom Knight <thomas.knight@ahds.ac.uk>:
Has anyone here tried the possible method I mentioned in an
earlier post?
"Okay, how to get round this?
Possibly tell your scanner to reject .zip files containing files with extension .exe+. .com+ etc etc.
I haven't actually received a single one of these .zip files, but the above tip was one I saw on the NTBugTraq list which apparently works with Norton Anti-Virus for Exchange V2.1. I imagine amavis/clamAV would be able to be configured this way."
And how would the scanner know what files were in the *ENCRYPTED* zip? That's the whole problem with worms hidden in encrypted zips. If the scanner could open them to see what files were there, it would just scan the files normally.
It doesn't. Make the assumption that anyone sending a .exe in a password protected zip file is sending a virus. Tom.