> > The same as it traps any other virus I would assume.
> If the attachment has been encrypted then there is no way the virus
> scanner can see the virus inside it. I recieved 4 last night when
> I save the attachement it is called "MoreInfo.zip".
> If I run the virus scanner against this file then it comes up clean.
> However if I try to unzip it it asks for a password, the password was
> in the body of the message.
>
> Are you saying your virus scanner can read data inside an encrypted file
> ???
It's possible to scan for it by using known parts of the file. The .ZIP is
not encrypted, the members are.
[root@coredump:/root] unzip Message.zip
Archive: Message.zip
[Message.zip] frbdm.scr password:
skipping: frbdm.scr incorrect password
[root@coredump:/root] uvscan Message.zip
/root/Message.zip
Found the W32/Bagle.gen!pwdzip (ED) virus !!!
[root@coredump:/root]
NOTE: I had to use the extra.dat from mcafee for this, the latest dat was not enough.
(Lets not getinto a "don't use root" war here ok?)
--
Lab tests show that use of micro$oft causes cancer in lab animals