What I'm thinking is: would it be feasible to add an option to attempt to brute-force-crack the passwords on zip files when scanning them? Yes, it would slow down scanning immensely, and there's *no* way it should ever be a default option, but zip file passwords are /reasonably/ simple to crack, so it is doable (although it takes time)...
I could whip some code together for this if it has any interest at all...
I don't think it can be in reasonable time. My 700 MHz machine takes about 15 minutes to crack a .zip when I have 1k of known plain text. To brute force it takes about a day to run through all valid passwords up to 6 characters. I think ZIP supports around 64 different characters in the password. So it would take around two months to do the complete 7 character set, 8 characters just gets stupid.
15 minutes up to the heat death of the universe isn't something that can be done during an SMTP transaction. That would make the feature only useful for local scans.
So maybe you don't want to try brute forcing, just known plain text attacks. Well that is still 15 minutes for every plain text you want to try. That means you have to have 1k of every virus you want to stored somewhere. Also that is for 1k of plain text, to crack a .zip you only need 16 bytes. But the time required to crack goes up very quickly when the plain text shrinks. At 16 bytes it is almost as long as a brute force.
Cracking .zips is only really useful when you have one that contains multiple files, and you have a complete copy of one of the files, and just need to recover the rest.
I'm not going to say, don't do the work, if you think it could be useful. But go time your cracking code again, and see if you think it is something that can reasonably be done for thousands of files a day.
-- Chris
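The timing argument in the reply above, worked through as an added example (not code from either poster or from ClamAV). It uses only the reply's own figures, about 64 password characters and about a day for all passwords up to 6 characters; the 30-second per-message scan budget is an assumption made here for illustration.

```python
# Figures taken from the reply above: ~64 usable password characters, and
# about one day to try every password of up to 6 characters.
ALPHABET = 64
SECONDS_PER_DAY = 86_400


def keyspace(max_len, alphabet=ALPHABET):
    """Number of passwords of length 1..max_len."""
    return sum(alphabet ** n for n in range(1, max_len + 1))


def rate_from_post():
    """Candidates per second implied by 'a day for up to 6 characters'."""
    return keyspace(6) / SECONDS_PER_DAY


def days_for_length(length, rate):
    """Days to try every password of exactly `length` characters."""
    return ALPHABET ** length / rate / SECONDS_PER_DAY


def max_length_within(budget_seconds, rate):
    """Longest password length fully searchable inside the time budget."""
    length = 0
    while keyspace(length + 1) <= rate * budget_seconds:
        length += 1
    return length


if __name__ == "__main__":
    rate = rate_from_post()
    print(f"implied rate: {rate:,.0f} candidates/s")
    for n in (7, 8):
        print(f"length {n}: {days_for_length(n, rate):,.0f} days")
    # Assumption: a scanner gets roughly 30 s per message during SMTP.
    print("exhaustive within 30 s: up to", max_length_within(30, rate), "chars")
```

At the implied rate, 7 characters come out at about 63 days, matching the "around two months" estimate, and 8 characters at roughly 11 years.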
Clamav-users mailing list https://lists.sourceforge.net/lists/listinfo/clamav-users