11 Mar
2004
11 Mar
'04
15:47
Quoting Tom Knight <thomas.knight@ahds.ac.uk>:
Has anyone here tried the possible method I mentioned in an earlier post?
"Okay, how to get round this?
Possibly tell your scanner to reject .zip files containing files with extension .exe+. .com+ etc etc.
I haven't actually received a single one of these .zip files, but the above tip was one I saw on the NTBugTraq list which apparently works with Norton Anti-Virus for Exchange V2.1. I imagine amavis/clamAV would be able to be configured this way."
And how would the scanner know what files were in the *ENCRYPTED* zip? That's the whole problem with worms hidden in encrypted zips. If the scanner could open them to see what files were there, it would just scan the files normally.