Mailinglist Archive: opensuse-security (485 mails)

RE: AW: [suse-security] NAI on unix do not find actual virus
  • From: "Tom Knight" <thomas.knight@xxxxxxxxxx>
  • Date: Thu, 11 Mar 2004 17:03:37 -0000
  • Message-id: <ICELJOHAGNAFJPFMMBKOIEBPCFAA.thomas.knight@xxxxxxxxxx>


> -----Original Message-----
> From: suse@xxxxxx [mailto:suse@xxxxxx]
> Sent: 11 March 2004 15:47
> To: suse-security@xxxxxxxx
> Subject: RE: AW: [suse-security] NAI on unix do not find actual virus
>
>
> Quoting Tom Knight <thomas.knight@xxxxxxxxxx>:
> >
> > Has anyone here tried the possible method I mentioned in an earlier post?
> >
> > "Okay, how to get round this?
> >
> > Possibly tell your scanner to reject .zip files containing
> > files with extension .exe+. .com+ etc etc.
> >
> > I haven't actually received a single one of these .zip files,
> > but the above tip was one I saw on the NTBugTraq list which
> > apparently works with Norton Anti-Virus for Exchange V2.1. I
> > imagine amavis/clamAV would be able to be configured this way."
> >
>
> And how would the scanner know what files were in the *ENCRYPTED* zip? That's
> the whole problem with worms hidden in encrypted zips. If the scanner could
> open them to see what files were there, it would just scan the files normally.

It doesn't.
Make the assumption that anyone sending a .exe in a password protected zip
file is sending a virus.

Tom.
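
The rule from the reply above, as an added example that is not part of the original post or of any scanner named in the thread: in an ordinary password-protected zip only the file data is encrypted, so member names and the per-entry "encrypted" flag can be read from the central directory without the password. The extension list, function names and the sample archive are assumptions made for this illustration.

```python
import io
import zipfile

# Extensions treated as executable; this list is an assumption for the example.
BLOCKED_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")
ENCRYPTED_FLAG = 0x1  # general-purpose flag bit 0 of a ZIP entry header


def encrypted_executables(zip_bytes):
    """Return names of encrypted members that carry a blocked extension.

    Only the central directory is parsed, so no password is required.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [
            info.filename
            for info in zf.infolist()
            if info.flag_bits & ENCRYPTED_FLAG
            and info.filename.lower().endswith(BLOCKED_EXT)
        ]


def should_reject(zip_bytes):
    """Policy from the thread: encrypted zip with an executable member => reject."""
    try:
        return bool(encrypted_executables(zip_bytes))
    except zipfile.BadZipFile:
        return False  # not a readable zip; leave it to the other scanner rules


def make_sample(names, encrypted):
    """Constructed test input: a zip whose entries are flagged as encrypted.

    Python's zipfile cannot write encrypted archives, so the flag bit is set
    by patching the headers; the payload is dummy text, not real ciphertext.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, "dummy")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flag field offset: 6 in a local header, 8 in a central directory entry.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            while pos != -1:
                data[pos + off] |= ENCRYPTED_FLAG
                pos = data.find(sig, pos + 4)
    return bytes(data)
```

An unencrypted zip that contains an .exe is deliberately not rejected here, since the scanner can open and scan that one normally.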

