[Mimedefang] New .zip virus?
Rick Mallett
rmallett at ccs.carleton.ca
Tue Jan 27 12:59:13 EST 2004
Good point. I've just changed my code to
my $size = (stat($entity->bodyhandle->path))[7];
if (lc($ext) =~ /zip/ && $size < 30000) {
my $test = `/bin/unzip -p $path | wc -c`;
$size = $test if $test =~ /^\s*\d+\s*$/;
}
- rick
On Tue, 27 Jan 2004, Brent J. Nordquist wrote:
> On Tue, 27 Jan 2004, Rick Mallett <rmallett at ccs.carleton.ca> wrote:
>
> > It uses "unzip | wc -c" to check the file size and only discards if it
> > is in a smaller size range (22528-22530)
>
> The only thing that's been holding me back from doing that here, or
> implementing similar measures (e.g. unzip and see if there's only a .scr
> or .pif inside), is the fear of a "10 gigabytes of 0's" DoS ZIP file.
>
> --
> Brent J. Nordquist <b-nordquist at bethel.edu> N0BJN
> Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
> * Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
>
> _______________________________________________
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
More information about the MIMEDefang
mailing list