Re: [Exim] Encrypted Viruii

Author: Ron McKeating
Date:  
To: Nigel Metheringham
CC: Wakko Warner, Exim-Users (E-mail)
Subject: Re: [Exim] Encrypted Viruii
Yes you can see the metadata, i.e. the filename and size, but you need to
enter the password to unzip the file, that is why the virus scanner does
not see the virus, it cannot unpack it.

What I want to do is have a simple way of detecting and failing any
password encrypted zip files.

Ron
On Wed, 2004-03-03 at 14:01, Nigel Metheringham wrote:
> On Wed, 2004-03-03 at 13:42, Ron McKeating wrote:
> > If the attachment has been encrypted then there is no way the virus
> > scanner can see the virus inside it. I received 4 last night when
> > I save the attachment it is called "MoreInfo.zip".
> > If I run the virus scanner against this file then it comes up clean.
> > However if I try to unzip it it asks for a password, the password was
> > in the body of the message.
> >
> > Are you saying your virus scanner can read data inside an encrypted file
> > ???
>
> How is zip encryption done? Is the central directory encrypted or just
> the file payloads?
>
> If it's just the file payloads then you would be able to see name &
> metadata (including size and maybe crc).
>
>     Nigel.

>
> --
> [ Nigel Metheringham           Nigel.Metheringham@??? ]
> [ - Comments in this message are my own and not ITO opinion/policy - ]


--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329
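
Added example, not part of the original messages or of Exim: with traditional ZIP encryption only the file payloads are encrypted, so the central directory can be read without the password, and each encrypted member has bit 0 of its general purpose flag set. The sketch below uses that flag to detect password-protected members; the function names and the sample archive are constructed for illustration, and hooking the check into a mail filter is not shown.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # general purpose bit flag, bit 0: member data is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Return the names of ZIP members flagged as encrypted.

    Only the unencrypted central directory is read, so no password is needed.
    Raises zipfile.BadZipFile if data is not a ZIP archive.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & ENCRYPTED]


def make_sample(encrypted: bool) -> bytes:
    """Constructed test input: a one-member archive built in memory.

    Python's zipfile cannot write encrypted archives, so the encrypted flag is
    set by patching the headers. The payload is not really encrypted, which is
    sufficient for a metadata-only check.
    """
    buf = io.BytesIO()
    info = zipfile.ZipInfo("details.txt", (2004, 3, 3, 13, 42, 0))
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"constructed sample payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # The flag field is at offset 6 in the local file header (PK\x03\x04)
        # and at offset 8 in the central directory header (PK\x01\x02).
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.index(sig) + off
            (flags,) = struct.unpack_from("<H", raw, pos)
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED)
    return bytes(raw)


if __name__ == "__main__":
    for label, sample in (("plain", make_sample(False)),
                          ("flagged", make_sample(True))):
        names = encrypted_members(sample)
        verdict = "reject" if names else "pass to virus scanner"
        print(f"{label}: encrypted members {names} -> {verdict}")
```
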