On Thu, 4 Mar 2004, Igor Brezac wrote:
> On Thu, 4 Mar 2004, Tomasz Kojm wrote:
>
> > Hello,
> >
> > due to many requests ClamAV is now able to detect and mark password
> > protected archives as a virus type "Encrypted.Zip" (big thanks to
> > Michael L Torrie). You have to enable this feature manually with
> > ArchiveDetectEncrypted in clamav.conf and --detect-encrypted in
> > clamscan. Please be careful and WARN YOUR USERS before enabling it.
> >
>
> I may have missed something in this discussion, but why isn't it possible
> to treat this zip file as a regular file (non archive) and check it
> against virus patterns? This is how trendmicro engine is able to identify
> the virus.
I think it was mentioned that the virus is encrypted in ZIP format with a
randomized password as it is being propagated.
I can't keep up with the volume of mail on this list lately... so I may
have misread... ;-)
Ed
Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
