On Tue, 2 Mar 2004, Erik Corry wrote:

> On Tue, Mar 02, 2004 at 11:59:19AM -0600, John Jolet wrote:
> >
> >> The question is how much of a problem it really is.  Are users
> >> really that dumb?
> >
> > Yes, they are.  I've gotten about 10 of those in the last 3 days.
>
> That doesn't actually prove that anyone typed in the password
> and got infected.  The version with unencrypted zip file can
> send the version with encrypted zip file to others.
>
> The best defence against it (if it really is a problem) might
> be blocking encrypted zip files with suspicious filenames in
> them.  You can see that the file contains a .exe .pif, etc.
> ending without the password.
>
> That's probably not a task for clamav though, more like MIMEDefang:
> http://www.mimedefang.org/
>
> Someone seems to have been giving this some thought:
> http://lists.roaringpenguin.com/pipermail/mimedefang/2004-March/020563.html

I think clamav should return a certain value if the zip file is deemed
clean because it's encrypted, so that glue programs like amavisd-new can
allow people to control when encrypted zips are allowed through. This is a
reasonable thing for clamav to do regardless, if you think about it;
isn't that essentially an error condition ("can't scan zipfile")?

It would seem a simple fix for somebody familiar with the code.
Developers, any comments?

Thanks,
Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
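
An added example, not part of the thread and not ClamAV or MIMEDefang code: a sketch of the check discussed above, reading only the unencrypted zip directory to report "encrypted" as its own verdict and to flag encrypted entries whose names end in .exe or .pif. The function names, the verdict strings and the two-item extension list are assumptions made for illustration.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1                 # general purpose flag bit 0: entry is encrypted
SUSPICIOUS_EXT = (".exe", ".pif")    # assumed policy list; the thread says "etc."


def classify_zip(data: bytes) -> str:
    """Return 'scannable', 'encrypted', 'encrypted-suspicious' or 'unreadable'.

    Only the central directory is read, so no password is needed: entry
    names and flag bits are stored in the clear in a classic encrypted zip.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "unreadable"
    with zf:
        encrypted = [i for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]
    if not encrypted:
        return "scannable"           # contents can be handed to the scanner
    if any(i.filename.lower().endswith(SUSPICIOUS_EXT) for i in encrypted):
        return "encrypted-suspicious"
    return "encrypted"               # distinct verdict: could not be scanned


def make_sample(name: str, encrypted: bool) -> bytes:
    """Constructed test input: a one-entry zip, optionally marked encrypted.

    The payload is not really encrypted; only the header flag is set, which
    is all the classifier looks at.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed sample payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits at offset 6 in the local header and offset 8 in
        # the central directory header.
        raw[raw.index(b"PK\x03\x04") + 6] |= ENCRYPTED_FLAG
        raw[raw.index(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in [("readme.txt", False), ("notes.txt", True), ("Document.PIF", True)]:
        print(name, enc, classify_zip(make_sample(name, enc)))
```

Glue code can then map each verdict to its own policy (pass, quarantine, reject) instead of treating an unscannable archive as clean.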


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
