> From: qqqq [mailto:[EMAIL PROTECTED]
> you know the password protected zip
> file viruses?  My customers were up in arms as these flowed right
> through.  However, ClamAV caught them with ease.

Gary W. Smith wrote:
> How does ClamAV catch them if they cannot unzip them?

A couple of ways.  One method is to establish a signature that matches the 
zipped content.  Another method is to establish a signature on the directory 
listing, which is not encrypted.  There's also an option to assume that 
encrypted archives are always viruses (this is off by default).

IIRC some of the encrypted zip files included passwords in image form.  There's 
a recent thread in this list where OCR is used to generate spam-sign.  It's 
just within the bounds of possibility that an enterprising virus scanner would 
perform OCR on attached (or even linked) images when faced with an encrypted 
archive to come up with possible passwords.

That's when you start getting viruses in emails that say "The password is 
Mickey Mouse's girlfriend's name."

-- 
Matthew.van.Eerde (at) hbinc.com               805.964.4554 x902
Hispanic Business Inc./HireDiversity.com       Software Engineer
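
The directory-listing match and the "treat encrypted archives as infected" policy from the reply above, as an added Python example that is not part of the original message and is not ClamAV's code. The signature table, verdict labels and sample archive are constructed for illustration, and the sample only sets the ZIP encryption flag bit rather than actually encrypting the data.

```python
import io, struct, zipfile, zlib

PAYLOAD = b"constructed sample payload, not malware"
# Hypothetical listing signature: (file name, uncompressed size, CRC-32) -> label
SIGS = {("document.scr", len(PAYLOAD), zlib.crc32(PAYLOAD)): "Constructed.Test.Sig"}

def make_sample(name, encrypted=True):
    """Build a constructed ZIP in memory and optionally mark its entry encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, PAYLOAD)
    data = bytearray(buf.getvalue())
    if encrypted:
        # General-purpose flag bit 0 means "encrypted". The flag word sits at
        # offset 6 in the local header and offset 8 in the central directory.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            (flags,) = struct.unpack_from("<H", data, pos + off)
            struct.pack_into("<H", data, pos + off, flags | 0x1)
    return bytes(data)

def directory_listing(data):
    """Read only the central directory, which needs no password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, i.file_size, i.CRC, bool(i.flag_bits & 0x1))
                for i in zf.infolist()]

def scan(data, sigs=SIGS, block_encrypted=False):
    """Return a verdict label, or None if nothing matched."""
    entries = directory_listing(data)
    for name, size, crc, _enc in entries:
        label = sigs.get((name.lower(), size, crc))
        if label:
            return label  # matched on listing metadata alone
    if block_encrypted and any(enc for *_rest, enc in entries):
        return "Policy.EncryptedArchive"  # hypothetical label for the opt-in policy
    return None

if __name__ == "__main__":
    for name in ("document.scr", "holiday.jpg"):
        blob = make_sample(name)
        print(name, directory_listing(blob), scan(blob), scan(blob, block_encrypted=True))
```

The name, size and CRC-32 come from the unencrypted directory, so the match works without the password; a sender who varies the file name or pads the payload changes that tuple, which is where the blanket encrypted-archive policy comes in.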
