[Mimedefang] Password protected Bagle.F

Michael Haro michael.haro at resources.ca.gov
Tue Mar 2 15:55:19 EST 2004


I passed along that info about looking at the checksum of the file in
the zip and got this reply...

--------------------------------

From: "Diego d'Ambra" (the guy that did the latest clamav pattern
update)

Thanks for the info, but currently ClamAV contains no "engine" that
allows retrieval of this information.

So your best option would be to do it through the MTA or let ClamAV scan
the full e-mail (the DB has 2 signatures that should detect the Bagle
e-mail).

Best regards,
Diego d'Ambra
--------------------------------

Michael


-----Original Message-----
From: David Prestwich [mailto:dprestwich at pacsim.com] 
Sent: Tuesday, March 02, 2004 12:51 PM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Password protected Bagle.F


I'm missing this virus as well - I'm using clamav and thought that there
was a way to force it to scan password protected files.  Has anyone had
any luck with this?  I don't think that it will do this.

David


Dirk Mueller wrote:

>On Monday 01 March 2004 19:25, Jon R. Kibler wrote:
>
>>file has a different password -- thus each zip file would have a
>>different signature.
>
>That's true, but it has some defects that make detection easy:

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang
mailing list MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
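
The checksum idea mentioned in this thread, as an added example that is not part of the original messages or of MIMEDefang/ClamAV: a password-protected ZIP still records each entry's name, CRC-32 and size in clear headers, so a filter can compare them to known values without the password. The function names, the blocklist and the sample archive are assumptions constructed for the illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry is password protected


def build_sample(data: bytes) -> bytes:
    """Constructed input: a stored entry with the 'encrypted' flag patched into
    both headers. The payload is not really encrypted; only header fields are
    read below, so that is enough for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.exe", data)
    raw = bytearray(buf.getvalue())
    # Flag word sits 6 bytes into a local header, 8 bytes into a central one.
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = raw.find(sig)
        (flags,) = struct.unpack_from("<H", raw, pos + off)
        struct.pack_into("<H", raw, pos + off, flags | ENCRYPTED)
    return bytes(raw)


def encrypted_entries(zip_bytes: bytes):
    """(name, crc32, size) of each password-protected entry; no password needed,
    because the central directory itself is stored in the clear."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(i.filename, i.CRC, i.file_size)
                for i in zf.infolist() if i.flag_bits & ENCRYPTED]


def matches_blocklist(zip_bytes: bytes, blocklist: set):
    """Entries whose (crc32, size) pair appears in a hypothetical blocklist."""
    return [e for e in encrypted_entries(zip_bytes) if (e[1], e[2]) in blocklist]


if __name__ == "__main__":
    sample = build_sample(b"constructed payload")
    for name, crc, size in encrypted_entries(sample):
        print(f"{name}: crc32={crc:08x} size={size}")
```

Entries that use WinZip AES in its AE-2 form store the CRC field as 0, so this check applies to traditional ZIP encryption.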


