[Mimedefang] patch to add blocking of encrypted email via uv scan
Michael Sofka
sofkam at rpi.edu
Tue Dec 9 09:12:30 EST 2003
> Luke, have you tried opening the file to see if it requires a password to
> open? If not, it probably isn't really encrypted. If so, I have no idea
> how clam was able to spot the encrypted content.
If the same password, or a small set of passwords are used with the
virus, then the resulting encrypted file is constant (or a small set
of constant files), and so the virus scanner will still have patterns
to search for. Or, it could decrypt the file and search for a single
pattern, presumably whichever is more efficient.
Mike
--
Michael D. Sofka sofkam at rpi.edu
C&CT Sr. Systems Programmer Email, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY. http://www.rpi.edu/~sofkam/
More information about the MIMEDefang
mailing list