[Mimedefang] patch to add blocking of encrypted email via uv scan

Matthew.van.Eerde at hbinc.com
Mon Dec 8 18:51:59 EST 2003


Ah - confusion!  What is "encrypt" and what is "compress"?

"Compression" is the art of making data smaller.  Zip is a compression
utility.  If you don't know how to unzip, it makes the data impossible to
read.  But, it's easy to know how to unzip - that's why clamscan can catch
the virus.

"Encryption" is the art of hiding data from casual observers.  Zip can also
encrypt.  That is to say, it is possible to specify a password when adding
files to a zip archive.  Without knowledge of the password (or time to
guess it), the file cannot be extracted from the zip archive.

AFAIK, there is NO virus scanner which will take the time to guess passwords
while scanning attached archives.  Such a virus scanner would take a while,
if the password was good.

> > Huh? Where does the passphrase come from? It can't be good encryption if
> > the virus scanner can get into it.
> >
...
> Encrypt a file.
> zip -e virus.zip virus.
> 
> Then clamscan|f-prot it (with unarchive option), and it will see the virus.
> Uvscan will not.
> 
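
The compress/encrypt distinction in the message above is recorded per member in the ZIP headers: bit 0 of the general-purpose flags marks a member as password-protected. The following is an added example, not code from this post or from MIMEDefang; the function names and the reject/scan policy are hypothetical, and the "encrypted" sample is constructed by setting the flag only, without actually encrypting the data.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001  # general-purpose flag bit 0: member is password-protected


def classify_members(data: bytes) -> dict:
    """Map each member name to 'encrypted' (opaque to a scanner) or 'scannable'."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() reads only the central directory, so no password is needed.
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & ENCRYPTED_FLAG)
            verdicts[info.filename] = "encrypted" if encrypted else "scannable"
    return verdicts


def attachment_policy(data: bytes) -> str:
    """Hypothetical filter hook: 'reject' if any member cannot be inspected."""
    try:
        verdicts = classify_members(data)
    except zipfile.BadZipFile:
        return "scan"  # not a ZIP archive: hand it to the virus scanner as-is
    return "reject" if "encrypted" in verdicts.values() else "scan"


def build_sample(mark_encrypted: bool) -> bytes:
    """Constructed sample: one deflated member, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", "harmless sample text " * 20)
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # The end-of-central-directory record is the last 22 bytes (no comment);
        # its central directory offset sits 6 bytes before the end.
        cdir = struct.unpack_from("<I", raw, len(raw) - 6)[0]
        # Flags field: offset 6 in the local header, offset 8 in the central one.
        for pos in (6, cdir + 8):
            (flags,) = struct.unpack_from("<H", raw, pos)
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    for marked in (False, True):
        sample = build_sample(marked)
        print(classify_members(sample), "->", attachment_policy(sample))
```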


