On Tue, 2 Mar 2004, Charlie Watts wrote:

> Clearly the virus DB maintainers are inundated with password-protected
> .zip files with viruses inside.
>
> I think I understand the technical impossibility of making a signature for
> these - the .zip header is the same, and then the filenames inside are
> randomized, as is the password, and thus the encrypted body has nothing
> recognizable - so there isn't anything available to make a signature off
> of.
>

What I'm thinking is: would it be feasible to add an option to attempt to
brute-force-crack the passwords on zip files when scanning them?
Yes, it would slow down scanning immensely, and there's *no* way it should
ever be a default option, but zip file passwords are /reasonably/ simple to
crack, so it is doable (although it takes time)...

I could whip some code together for this if it has any interest at all...


-- 
Jesper Juhl <[EMAIL PROTECTED]>
Systems Administrator, Danmarks Idræts-Forbund / The Danish Sports Federation
Please don't top-post    http://www.catb.org/~esr/jargon/html/T/top-post.html
Please send plain text emails only          http://www.expita.com/nomime.html
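
Added example, not part of the original message and not ClamAV code: what a scanner can still read from a password-protected zip without the password. The local file header keeps the member name and an "encrypted" flag (general purpose bit 0) in the clear, so a filter can flag such members even though the body offers nothing to match. The sample bytes and member names are constructed for the demonstration.

```python
import struct

LOCAL_SIG = b"PK\x03\x04"
# 30-byte local file header: signature, version needed, flags, method,
# mod time, mod date, crc32, compressed size, uncompressed size,
# name length, extra field length
HDR = struct.Struct("<4sHHHHHIIIHH")

def make_entry(name: bytes, body: bytes, encrypted: bool) -> bytes:
    """Build one stored local entry (constructed sample data only)."""
    flags = 0x0001 if encrypted else 0x0000
    return HDR.pack(LOCAL_SIG, 20, flags, 0, 0, 0, 0,
                    len(body), len(body), len(name), 0) + name + body

def scan_local_headers(data: bytes):
    """Walk consecutive local headers; return (name, encrypted, csize).

    Assumes sizes are present in the local header (flag bit 3, the
    data-descriptor case, is not handled in this sketch).
    """
    found, pos = [], 0
    while pos + HDR.size <= len(data) and data[pos:pos + 4] == LOCAL_SIG:
        (_, _, flags, _, _, _, _, csize, _, nlen, xlen) = HDR.unpack_from(data, pos)
        start = pos + HDR.size
        name = data[start:start + nlen].decode("cp437")
        found.append((name, bool(flags & 0x0001), csize))
        pos = start + nlen + xlen + csize  # skip extra field and body
    return found

def encrypted_members(data: bytes):
    """Names of members whose header says the body is encrypted."""
    return [n for n, enc, _ in scan_local_headers(data) if enc]

# Constructed sample: one plain member, one flagged as encrypted with
# arbitrary bytes standing in for ciphertext. Local headers only, no
# central directory, which is enough for this walk.
SAMPLE = (make_entry(b"readme.txt", b"hello", False)
          + make_entry(b"kqzvx.exe", bytes(range(32)), True))

if __name__ == "__main__":
    for name, enc, size in scan_local_headers(SAMPLE):
        print(f"{name:12} encrypted={enc} compressed_size={size}")
```
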

