On Thu, 4 Mar 2004 11:41:48 -0500 (EST) Ed Phillips <[EMAIL PROTECTED]> wrote:
> > I may have missed something in this discussion, but why isn't it
> > possible to treat this zip file as a regular file (non archive) and
> > check it against virus patterns? This is how trendmicro engine is
> > able to identify the virus.
>
> I think it was mentioned that the virus is encrypted in ZIP format
> with a randomized password as it is being propagated.

ClamAV databases updated (04-mar-2004 13:11 GMT): daily.cvd, viruses.db2
version: 165

Submission: n/a
Sender: Diego d'Ambra
Virus name: Worm.Bagle.Gen-zippwd
Notes: Generic signature to detect password-protected Bagle zip files
Notes: Signature by Trog
Added: Yes

The signature matches encrypted zip files.

-- 
   oo    .....         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Thu Mar  4 18:36:01 CET 2004
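Why an encrypted archive can still be flagged although its payload cannot be pattern-matched, as an added example (not part of the original message and not ClamAV's actual signature): ZIP headers stay in clear text, and bit 0 of each member's general-purpose flags marks it as encrypted. The sample archive, the member name `sample.exe` and all function names are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # ZIP general-purpose flag bit 0: member data is encrypted


def build_sample(encrypted: bool) -> bytes:
    """Constructed one-member archive; when `encrypted`, flag bit 0 is patched
    into both headers (the payload is placeholder bytes, not real ciphertext)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.exe", b"\x00" * 64)
    data = bytearray(buf.getvalue())
    if encrypted:
        # End-of-central-directory record is the last 22 bytes (no comment);
        # the central directory offset sits 16 bytes into it.
        (cd_offset,) = struct.unpack_from("<L", data, len(data) - 22 + 16)
        # Flags: offset 6 in the local header, offset 8 in the central header.
        for pos in (0 + 6, cd_offset + 8):
            (flags,) = struct.unpack_from("<H", data, pos)
            struct.pack_into("<H", data, pos, flags | ENCRYPTED)
    return bytes(data)


def inspect_zip(data: bytes):
    """Return (name, size, encrypted) per member from the unencrypted headers."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, i.file_size, bool(i.flag_bits & ENCRYPTED))
                for i in zf.infolist()]


def content_scannable(data: bytes) -> bool:
    """False if any member cannot be read without a password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                zf.read(info)
            except RuntimeError:  # zipfile: password required for extraction
                return False
    return True


if __name__ == "__main__":
    for flag in (False, True):
        blob = build_sample(flag)
        print(inspect_zip(blob), "scannable:", content_scannable(blob))
```

A gateway can therefore apply policy to password-protected archives from the header metadata alone, even when the member contents are opaque to content signatures.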