[Mimedefang] New .zip virus?
James Miller
jimm at simutronics.com
Tue Jan 27 15:08:25 EST 2004
Hi all,
Could someone please forward me a copy of Rick's original code snippet? I
goofed, deleted and purged the message when I wanted to keep it <arg>!
Send it off-channel to jimm at simutronics.com
Thanks,
Jim
> On Tue, 27 Jan 2004, Brent J. Nordquist wrote:
>
> > The only thing that's been holding me back from doing that here, or
> > implementing similar measures (e.g. unzip and see if there's only a .scr
> > or .pif inside), is the fear of a "10 gigabytes of 0's" DoS ZIP file.
>
> If you have GNU cut, this should be safe:
>
> unzip -p $part | cut -b -100000 | wc
>
> That should kill the unzip once it goes past 100K.
>
> Better yet, why not do the equivalent of:
>
> unzip -l $part | grep -i $bad_exts
>
> Just check if the unzipped file has any .exe, .pif, etc. in it. This
> is more reliable and future-proof than testing for a specific size.
More information about the MIMEDefang
mailing list