> -----Original message-----
> From: Fajar A. Nugraha [mailto:[EMAIL PROTECTED] 
> Sent: 26 March 2004 09:09
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Find bagle in Zip files.
> 
> 
> Simon Gate wrote:
> 
> >Hello.
> >
> >I'm running an SMTP server with f-secure and clamav. I have a problem 
> >with the f-secure server because it can't find the bagle virus in 
> >password protected zip files but clamav does. I e-mailed f-secure 
> >support about it and they said to me there isn't any virus scanner 
> >today that can find a virus in password protected zip files.
> >
> true.
> 
> >And this answer confuses me because
> >clamav does find the virus in the password protected zip 
> >file. And now my question, how is it possible for clamav to find a 
> >virus in a password protected file when f-secure support claims it 
> >isn't possible?
> >
> >  
> >
> Because clamav doesn't just scan attachments. It also 
> examines the raw email for certain patterns to mark 
> archive-encrypted viruses. Something like "password" and then 
> followed by an attachment.
> 
> If you only feed clamav with attachment (e.g. the encrypted 
> zip), it won't be able to find it either.
> 

When I feed my clamav with the attachment of a bagle virus it says 
Worm.Bagle.Gen-zippwd FOUND. And this is when I have ArchiveDetectEncrypted turned 
off. I don't know if clamav only detects the early variants of bagle.

> Last, clamav (the latest version) also has an option in 
> clamav.conf : ArchiveDetectEncrypted
> 
> If you turn this option on, clamav will reject all encrypted 
> zips as Encrypted.Zip virus. Also works on encrypted rars. 
> Even with that option off (which is the default case), you 
> still catch most archive-encrypted viruses (In this case, Bagle).
> 

This might be a good option. I don't think anyone in our organization uses password 
protected zip files. If they need to protect their files I would suggest something 
more reliable.

Best Regards
Simon
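
Added example, not part of the messages above and not ClamAV's own code: a mail-gateway check in the spirit of ArchiveDetectEncrypted, which rejects a ZIP attachment when any entry has the ZIP format's "encrypted" flag (general-purpose bit 0) set. The function names and verdict labels are hypothetical, and the sample archive is constructed in memory by setting that bit on an ordinary ZIP.

```python
import io
import struct
import zipfile

ENCRYPTED_BIT = 0x0001  # ZIP general-purpose flag, bit 0: entry data is encrypted


def encrypted_entries(data: bytes) -> list:
    """Return the names of entries the central directory marks as encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Listing the directory needs no password; only reading entry data would.
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & ENCRYPTED_BIT]


def verdict(data: bytes) -> str:
    """Policy decision for one attachment (labels are hypothetical)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    return "reject-encrypted" if encrypted_entries(data) else "scan-contents"


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-entry ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"constructed test payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field offsets: 6 in the local file header (PK\x03\x04),
        # 8 in the central directory header (PK\x01\x02).
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            (flags,) = struct.unpack_from("<H", raw, pos + off)
            struct.pack_into("<H", raw, pos + off, flags | ENCRYPTED_BIT)
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("plain", build_sample(False)),
                        ("flagged", build_sample(True)),
                        ("text", b"not an archive")):
        print(label, verdict(blob))
```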

