Re: [Exim] Encrypted Viruii

Pàgina inicial
Delete this message
Reply to this message
Autor: Wakko Warner
Data:  
A: Ron McKeating
CC: exim-users
Assumpte: Re: [Exim] Encrypted Viruii
> > The same as it traps any other virus I would assume.
> If the attachment has been encrypted then there is no way the virus
> scanner can see the virus inside it. I recieved 4 last night when
> I save the attachement it is called "MoreInfo.zip".
> If I run the virus scanner against this file then it comes up clean.
> However if I try to unzip it it asks for a password, the password was
> in the body of the message.
>
> Are you saying your virus scanner can read data inside an encrypted file
> ???


It's possible to scan for it by using known parts of the file. The .ZIP is
not encrypted, the members are.

[root@coredump:/root] unzip Message.zip
Archive:  Message.zip
[Message.zip] frbdm.scr password:
   skipping: frbdm.scr               incorrect password
[root@coredump:/root] uvscan Message.zip
/root/Message.zip
        Found the W32/Bagle.gen!pwdzip (ED) virus !!!
[root@coredump:/root]


NOTE: I had to use the extra.dat from mcafee for this, the latest dat was not enough.

(Lets not getinto a "don't use root" war here ok?)

--
Lab tests show that use of micro$oft causes cancer in lab animals