RE: [Clamav-users] Password-protected .zip file viruses

Tue, 02 Mar 2004 20:42:29 -0800 

My understanding of reliable zip password checking was that you needed two
or more files encoded with the same password in the archive to allow a good
check...

Maybe I'm wrong on that, but still I'd rather a setting that allows me to
reject unscannable attachements. Preferably as mentioned before somehow by
user - if this was a command line argument "ignore unscannable archives" vs.
"reject unscannable archives".

m/

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jesper
> Juhl
> Sent: Tuesday, March 02, 2004 5:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Password-protected .zip file viruses
>
>
> On Tue, 2 Mar 2004, Charlie Watts wrote:
>
> > Clearly the virus DB maintainers are inundated with password-protected
> > .zip files with viruses inside.
> >
> > I think I understand the technical impossibility of making a
> signature for
> > these - the .zip header is the same, and then the filenames inside are
> > randomized, as is the password, and thus the encrypted body has nothing
> > recognizable - so there isn't anything available to make a signature off
> > of.
> >
>
> What I'm thinking is; Would it be feasible to add an option to attempt to
> brute-force-crack the passwords on zip files when scanning them?
> Yes, it would slow down scanning immensely, and there's *no* way it should
> ever be a default option, but zip file passwords are /resonably/ simple to
> crack, so it is doable (although it takes time)...
>
> I could whip some code together for this if it has any interrest at all...
>
>
> --
> Jesper Juhl <[EMAIL PROTECTED]>
> Systems Administrator, Danmarks Idręts-Forbund / The Danish
> Sports Federation
> Please don't top-post
> http://www.catb.org/~esr/jargon/html/T/top-post.html
> Please send plain text emails only
> http://www.expita.com/nomime.html
>
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id56&alloc_id438&op=ick
> _______________________________________________
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to