> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Diego
> d'Ambra
> Sent: Tuesday, March 02, 2004 4:55 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] password-protected Worm.Bagle.H
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:clamav-users-
> > [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> > Sent: 2. marts 2004 13:15
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Clamav-users] password-protected Worm.Bagle.H
> >
> > Suggestions?  There are really easy ways for the virus writer to
> > circumvent this type of check but until they start utilizing such
> > strategies, is it possible to include the zip's crc into ClamAV's
> > sigs?
> >
>
> From the (unzipped) samples I've access to they differ in size, so MD5
> or other checksums are useless.
>
> Best regards,
> Diego d'Ambra

Seeing how quickly this could get out of hand, and how hard it would be to
write code to "read" the password from the mail - how about a simple option
that allows full rejection of password encrypted archives - or optional
(based on db lookup) but I'm probably hoping too much there...

I run virtual users out of a mysql database - the user emails are in one
field - options controlling mail handling are in others ('Y' / 'N' enums).

Being able to control this would be ideal, but being able to outright reject
them would be an improvement.

Another tack on this might be accomplished through procmail / maildrop if
unzip will report if archived files are in fact password protected... does
anyone know if there is a way to list passworded files besides trying to
extract them?

Just a few thoughts - as always thank you for the excellent tool

m/



_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
