On Thu, 2004-03-04 at 10:40, [EMAIL PROTECTED] wrote: > Quoting Tomasz Kojm <[EMAIL PROTECTED]>: > > Can you make an option to mark encrypted zip file as a virus > type "Encrypted.Zip" only when there is MS Windows executable(s) file(s) found > inside the archive (based on file(s) extension. Here is MIMEDefang > implementation of this option: > http://lists.roaringpenguin.com/pipermail/mimedefang/2004-March/020560.html)? I > think that option make sense, 'cause it will narrow false positives (at least > unless there will be not MS Windows executable file(s) inside an archive and > note in the email to rename the file to executable).
This is a good idea, I think. For simplicity's sake, marking the whole zip file as bad is fine if any file inside the zip arhcive is a) executable (all known bad extensions) and b) encrypted. Since zip archive files are encrypted on a per-file basis, this would work. I may play around with this later tonight. This could very well be a simple addition (under 10 lines of code) to scanners.c. Michael > > Thank you for the good antivirus product and fast responses! > Dmitry > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users -- Michael L Torrie <[EMAIL PROTECTED]> ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
