[Mimedefang] patch to add blocking of encrypted email via uv scan

Lucas Albers admin at cs.montana.edu
Mon Dec 8 21:20:32 EST 2003


> Luke, have you tried opening the file to see if it requires a password to
> open?  If not, it probably isn't really encrypted.  If so, I have no idea
> how clam was able to spot the encrypted content.
>
> (Of course, since encrypted zip files require a password in order to open
> them, so it takes a little extra social engineering to make it execute.)
>
>
> Kelson Vibber
> SpeedGate Communications <www.speed.net>

I stand corrected, duh. Did it ass-backwards, zipped it.


Nothing cracks zip encrypted files. (Virus Scanners at least.)


I run my virus scans in this order:

 if ($Features{"Virus:NAI"}) {
     if ($Features{'Virus:FileScan'}) {
     if ($Features{'Virus:FPROT'}) {
      if ($Features{'Virus:CLAMAV'}) {


Normally mcafee catches all the virus, for the past week f-prot has been
catching the (Swen) virus, that means that uvscan is not working correctly.

It _appears_ some virus's are slipping by mcafee.
I am researching this (So I don't slip on my face again) and will post my
results shortly.


--Luke



More information about the MIMEDefang mailing list