Re: [exim] [OT] Emergency!!! Is anyone else getting this vir…

Author: Exim User's Mailing List
Date:  
To: Chris Meadors
CC: Exim User's Mailing List
Subject: Re: [exim] [OT] Emergency!!! Is anyone else getting this virus/worm?
[ On Monday, November 15, 2004 at 11:49:18 (-0500), Chris Meadors wrote: ]
> Subject: Re: [exim] [OT] Emergency!!! Is anyone else getting this virus/worm?
>
> Although there was recently a bug found that if the header of a zip file
> was altered to report the size of a file to be 0 bytes many scanners
> would skip over the file assuming it to be safe. I wonder if the same
> trick could be played to make the compression ratio look lower than it
> actually is...


It is almost certain that such a trick can, has, and is, being played,
though I've taken to just rejecting all ZIP files so I don't know of any
current canonical examples. :-)

Generally speaking data compression (and encryption) is something that
really should always be applied to the archive _after_ it is created,
not to the individual objects within an archive -- then at least a
scanner can work in a streaming mode of operation.

-- 
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>
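
Added example, not part of the original message or of any scanner mentioned in the thread: a scanner-side check that ignores the size a ZIP header declares, inflates each member itself under a cap, and flags members whose declared and measured sizes disagree. The function names, the 10 MiB cap and the sample archive are assumptions constructed for illustration, and the compressed-size field is taken as given.

```python
import io, struct, zipfile, zlib

CAP = 10 * 1024 * 1024  # assumed per-member inflation limit for the scanner

def measure_members(raw, cap=CAP):
    """Map member name -> (size declared in the header, bytes actually produced)."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        for info in zf.infolist():  # sizes here come from the central directory
            sig, *_, name_len, extra_len = struct.unpack_from(
                "<4s5H3L2H", raw, info.header_offset)
            if sig != b"PK\x03\x04":
                raise ValueError("bad local header for %r" % info.filename)
            start = info.header_offset + 30 + name_len + extra_len
            body = raw[start:start + info.compress_size]
            if info.compress_type == zipfile.ZIP_STORED:
                actual = len(body)
            elif info.compress_type == zipfile.ZIP_DEFLATED:
                # Inflate the raw stream ourselves; stop one byte past the cap.
                actual = len(zlib.decompressobj(-15).decompress(body, cap + 1))
            else:
                raise ValueError("unsupported method %d" % info.compress_type)
            out[info.filename] = (info.file_size, actual)
    return out

def suspicious_members(raw, cap=CAP):
    """Names whose declared size disagrees with the measured size, or exceed cap."""
    return [n for n, (declared, actual) in measure_members(raw, cap).items()
            if declared != actual or actual > cap]

def build_sample(tamper):
    """Constructed test archive; tamper=True zeroes the declared size fields."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 100000)
    raw = bytearray(buf.getvalue())
    if tamper:
        cd_offset = struct.unpack_from("<L", raw, len(raw) - 6)[0]  # from EOCD
        struct.pack_into("<L", raw, cd_offset + 24, 0)  # central directory size
        struct.pack_into("<L", raw, 22, 0)              # local header size
    return bytes(raw)

if __name__ == "__main__":
    for tampered in (False, True):
        print(tampered, measure_members(build_sample(tampered)))
```
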