Re: [Exim] Encrypted Viruii

Author: Dennis Davis
Date:  
To: exim-users
Subject: Re: [Exim] Encrypted Viruii
>From: Rossz Vamos-Wentworth <rossz@???>
>To: Exim-users <exim-users@???>
>Subject: Re: [Exim] Encrypted Viruii
>Date: Thu, 04 Mar 2004 18:58:58 -0800
>
>Ron McKeating wrote:
>> We are seeing more of these emails with an encrypted zip file containing
>> a virus with the password in the text. You would have to be a very
>> stupid user to fall for this, but are we the only site to have one or
>> two very stupid users...?
>
>I'm using Exiscan-ACL and reject the more dangerous file types such
>as exe and pif. My reject message specifically says to archive
>those types up. I won't reject simply because a zip is password
>protected since that could be legitimate.


Yesterday Sophos released an IDE file to detect these password
protected zip viruses. See:

http://www.sophos.com/virusinfo/analyses/w32baglezip.html

for details. So far we've picked up >400 copies of this virus since
uploading this IDE file. It's good to see:

rejected after DATA: rejected by exiscan-acl: message contains malware (W32/Bagle-Zip)

in your logs.

I haven't checked, but I presume other virus-detection companies
will be producing something similar.
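
Added example, not part of the original message or of Exim/exiscan-acl: a password-protected zip normally still stores its member file names unencrypted in the central directory, so the file-type policy quoted above (reject exe and pif, but not a zip merely for being encrypted) can be checked without the password. The function names and the constructed sample archives are assumptions made for illustration.

```python
import io
import os
import zipfile

# Extensions named in the thread; extend to match local policy.
RISKY_EXTENSIONS = {".exe", ".pif"}
ENCRYPTED_FLAG = 0x1  # bit 0 of the zip general-purpose flags


def inspect_zip(data: bytes) -> dict:
    """Read names and encryption flags from the central directory only."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = zf.infolist()
    encrypted = [e.filename for e in entries if e.flag_bits & ENCRYPTED_FLAG]
    risky = [e.filename for e in entries
             if os.path.splitext(e.filename)[1].lower() in RISKY_EXTENSIONS]
    # Policy from the thread: reject on file type, never on encryption alone.
    return {"encrypted": encrypted, "risky": risky, "reject": bool(risky)}


def build_sample(names, encrypted):
    """Constructed test input: a stored zip, optionally with the encryption
    flag set in each header (contents are placeholders, not ciphertext)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits 6 bytes into a local header, 8 into a central one.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            while pos != -1:
                data[pos + off] |= ENCRYPTED_FLAG
                pos = data.find(sig, pos + 4)
    return bytes(data)


if __name__ == "__main__":
    for names in (["details.pif"], ["report.txt"]):
        print(names, inspect_zip(build_sample(names, encrypted=True)))
```
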