[Mimedefang] Password Protected Zip file - Containing Virus (f-protd)

Larry Starr larrys at fullcompass.com
Wed Mar 3 12:58:19 EST 2004


I have been seeing a number of messages containing password-protected ".zip" 
files; the ".exe" file in the ".zip" file contains "W32/Bagle.J@mm".

For my installation I would like to quarantine these, based on the "Encrypted" 
zip contents.

I can do this by modifying "item_contains_virus_fprotd" to return 
"quarantine" for "code == 4".

I am, however, reluctant to modify the existing distributed code "2.37".  Can 
anyone suggest a better solution that will not add a lot of overhead to my 
mimedefang-filter?

Thank you,
-- 
Larry G. Starr - larrys at fullcompass.com or starrl at globaldialog.com
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347  FAX: 608-831-6330
===================================================================
There are only three sports: bullfighting, mountaineering and motor
racing, all the rest are merely games! - Ernest Hemingway


