Re: [Clamav-users] Re: revisit question about passworded zips

[Bart Silverstrim]

On Apr 15, 2004, at 12:22 PM, Virgo Pärna wrote:

On Thu, 15 Apr 2004 09:55:08 -0400, Bart Silverstrim wrote:
Sooo my question is that at this point, does clamav have the ability 
to
pick up the passworded zip file sent by a specific bagle variant, 
while
passing others along undetected?  the testvirus.org password protected

     Yes it does - "sigtool --list-sigs | grep pwd" will show you a
list of crypted archive variants specificaly detected. But in newest
versions it is possible to just block all crypted zip's.
Okay, I was just looking for the "authoritative answer" to whether 
those viruses were getting caught, which I thought they were but the 
testvirus.org would indicate otherwise...so I thought I'd ask if those 
*particular* passworded zip files would get caught...which it 
apparently does.

I don't want to block out *all* encrypted zips, because there are 
instances where it could be valid to send a short encrypted attachment 
(small ones!), and I'd rather not discourage users from using something 
like encryption with sensitive information simply because we have had 
to take drastic steps to reduce virus propagation.

I also needed this as both reassurance to me and to the Powers That Be 
to whom I must answer that the filter is indeed functioning adequately 
in light of advertising pitches from vendors :-)

Thanks!
-Bart


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users