Re: [Exim] Encrypted Viruii

Top Page
Delete this message
Reply to this message
Author: Adrian Phillips
Date:  
To: Exim-Users (E-mail)
Subject: Re: [Exim] Encrypted Viruii
>>>>> "Philip" == Philip Chambers <P.A.Chambers@???> writes:

[This is getting off topic - so will be my last post to the list on
this]

    Philip> I have seen Beagle.F in both encrypted and unencrypted
    Philip> forms.  The latter would be detected, but the former gets
    Philip> through.


Not according to TrendMicro :-

    Some of the infected mail samples are password-protected, and are
    almost similar to WORM_BAGLE.G variant. Trend Micro detects the
    password\x{2013}protected .ZIP file attachment as WORM_BAGLE.F-1.


Clamav has just added ArchiveDetectEncrypted.

Sincerely,

Adrian Phillips

--
Who really wrote the works of William Shakespeare ?
http://www.pbs.org/wgbh/pages/frontline/shakespeare/