Mailinglist Archive: opensuse-security (485 mails)

Re: AW: [suse-security] NAI on unix do not find actual virus
  • From: Michel Messerschmidt <lists@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 11 Mar 2004 23:36:49 +0100
  • Message-id: <20040311223649.GB4503@xxxxxxxxxxxxxxxx>
On Thu, Mar 11, 2004 at 05:03:37PM -0000, Tom Knight wrote:
> > And how would the scanner know what files were in the *ENCRYPTED* zip?
> > That's the whole problem with worms hidden in encrypted zips. If the
> > scanner could open them to see what files were there, it would just scan
> > the files normally.

There's a bit flag in the zip file header for that purpose
(see http://www.pkware.com/products/enterprise/white_papers/appnote.html).

--
Michel Messerschmidt lists@xxxxxxxxxxxxxxxxxxxxxxx
antiVirusTestCenter, Computer Science, University of Hamburg
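
Added example, not part of the original message: a scanner-side check that reads the general purpose bit flag (bit 0 = encrypted) and the member names from a zip's central directory without any password. The extension list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CDIR_SIG = b"PK\x01\x02"   # central directory file header
FLAG_ENCRYPTED = 0x0001    # general purpose bit flag, bit 0
FLAG_UTF8 = 0x0800         # general purpose bit flag, bit 11
RISKY_EXT = (".exe", ".pif", ".scr", ".com")  # assumed policy list

def list_entries(data):
    """Return [(name, encrypted)] from the central directory; no password needed."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    # EOCD offset 10: total entries (2), directory size (4), directory offset (4)
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    entries = []
    for _ in range(count):
        if pos + 46 > len(data) or data[pos:pos + 4] != CDIR_SIG:
            raise ValueError("corrupt central directory")
        (flags,) = struct.unpack_from("<H", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        codec = "utf-8" if flags & FLAG_UTF8 else "cp437"
        name = data[pos + 46:pos + 46 + name_len].decode(codec, "replace")
        entries.append((name, bool(flags & FLAG_ENCRYPTED)))
        pos += 46 + name_len + extra_len + comment_len
    return entries

def encrypted_executables(entries):
    """Names a gateway could block on sight: encrypted and executable by extension."""
    return [n for n, enc in entries if enc and n.lower().endswith(RISKY_EXT)]

def make_sample():
    """Constructed sample: an ordinary zip whose last entry is then marked
    encrypted by setting bit 0 in its central directory record."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("document.pif", "constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    raw[raw.rfind(CDIR_SIG) + 8] |= FLAG_ENCRYPTED
    return bytes(raw)

if __name__ == "__main__":
    for name, enc in list_entries(make_sample()):
        print(f"{name}: {'encrypted' if enc else 'plain'}")
```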
