[Mimedefang] patch to add blocking of encrypted email via uv scan
Kelson Vibber
kelson at speed.net
Mon Dec 8 20:07:02 EST 2003
At 04:32 PM 12/8/2003, Matthew.van.Eerde at hbinc.com wrote:
>My question then is *how* does clamscan recognize the virus???
Good question. I just ran the same test, and clamscan *didn't* detect
it. (Frankly, I didn't expect it to, but I figured I'd try anyway.)
Luke, have you tried opening the file to see if it requires a password to
open? If not, it probably isn't really encrypted. If so, I have no idea
how clam was able to spot the encrypted content.
(Of course, since encrypted zip files require a password in order to open
them, so it takes a little extra social engineering to make it execute.)
Kelson Vibber
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang
mailing list