Re: [Clamav-users] Password-protected .zip file viruses

Tue, 02 Mar 2004 19:01:03 -0800 

On Wed, 3 Mar 2004, Rembrandt wrote:

> On Wed, 3 Mar 2004 02:54:35 +0100 (CET)
> [EMAIL PROTECTED] (Jesper Juhl) wrote:
>
> > On Tue, 2 Mar 2004, Charlie Watts wrote:
> >
> > > Clearly the virus DB maintainers are inundated with
> > > password-protected.zip files with viruses inside.
> > >
> > > I think I understand the technical impossibility of making a
> > > signature fo
> > r
> > > these - the .zip header is the same, and then the filenames inside
> > > are randomized, as is the password, and thus the encrypted body has
> > > nothing recognizable - so there isn't anything available to make a
> > > signature off of.
> > >
> >
> > What I'm thinking is; Would it be feasible to add an option to attempt
> > to brute-force-crack the passwords on zip files when scanning them?
> > Yes, it would slow down scanning immensely, and there's *no* way it
> > should ever be a default option, but zip file passwords are
> > /resonably/ simple to crack, so it is doable (although it takes
> > time)...
> >
> > I could whip some code together for this if it has any interrest at
> > all...
>
> There 2 ways to see this fact:
>
> 1. The AV is able to clean/scan EACH file coretly, well! But on the
> other hand what's with ACE, RAR and many others?
>
> 2. On the other hand there's my point of view and (sure.. :) ) it's the
> right point of view:
>
> NO!
> I don't angree!
> I will stop all work for clamAV and other things!
> I wont ask old contacts anymore if this feauture will be included.
>
Calm down. I just suggested it as something to optionally do. I know it's
not something that is actually resonable to do on every file, but I
thought that it might be useful for some people. It was/is just a
suggestion.


> Why?
> a) Huge Mailsers CAN'T crack each file... there's not enough CPU-Power

agreed.

> b) That's the way the damn GOV-GUYS work, it's not my way... and so I
> say hard NO couse if you break a encryption enabled by a user you could
> spy his personal data and so on.
>

Well, mails pass through your mailserver - plenty of ways to "spy on
personal data" if that's what you want to do. I suggested this as a way to
scan inside protected archives, not as a way of spying on anyone. Besides,
if the data is so sensible, the person who send it should use encryption
strong enough that it can't be broken before the sun goes out... But,
that's just my personal oppinion...


> And you're wrong!
> ZIP-PWs aren't easy to crack. The old PW, well..

Well, I was thinking of the old password protection - all I have actual
experience with.

> But GZ use blowfish and i read somewhere that WinZIP will use AES soon.
>
In that case it would take ages ;)


-- 
Jesper Juhl <[EMAIL PROTECTED]>
Systems Administrator, Danmarks Idręts-Forbund / The Danish Sports Federation
Please don't top-post    http://www.catb.org/~esr/jargon/html/T/top-post.html
Please send plain text emails only          http://www.expita.com/nomime.html


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to