[Mimedefang] Password protected Bagle.F

Lucas Albers albersl at cs.montana.edu
Tue Mar 2 20:39:31 EST 2004


Dirk Mueller said:
> On Tuesday 02 March 2004 21:50, David Prestwich wrote:
>
>> I'm using clamav and thought that there
>> was a way to force it to scan password protected files.
>
> Yes, via the supersecret --ignore-encryption option to unzip.
As near as I understand from the clamav list,
Clam cannot detect encrypted viruses.
I believe this is a flaw in clamav that cannot be easily remedied. This
is "to the best of my knowledge."

You have some options.
Add in another virus scanner.
Bounce password protected zips.
Bounce zips.
Bounce password protected zips with certain file types.

The easiest thing to do, and what I am doing currently, is bounce zip
files for a few days, while I figure out what to do on my internal mail
server.


http://lists.roaringpenguin.com/pipermail/mimedefang/2004-March/020563.html

This is the first salvo in widespread adoption of password protected zip
files imo.
So consider zip-encrypted files a new file type extension.
So I recommend to block:
zip-encrypted zip files by default.


-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
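
The "bounce password protected zips" and "bounce password protected zips with certain file types" options in the message above both depend on recognising an encrypted zip without knowing its password. The following is an added example, not part of the original post and not MIMEDefang code: it reads bit 0 of each member's general purpose flag field and the member names, which stay readable under traditional zip encryption. The function names, the extension list and the sample archives (built inline, with the flag bit set by hand) are assumptions made for illustration.

```python
import io
import struct
import zipfile

# Assumed policy list for illustration; adjust to the site's own rules.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def classify_attachment(data: bytes) -> str:
    """Return 'not-zip', 'zip', 'encrypted-zip' or 'encrypted-zip-risky'."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "not-zip"
    with archive:
        # Bit 0 of the general purpose flags marks an encrypted member.
        encrypted = [m for m in archive.infolist() if m.flag_bits & 0x1]
    if not encrypted:
        return "zip"
    # Member names are listed in the central directory in the clear,
    # so the file type can be checked without the password.
    if any(m.filename.lower().endswith(RISKY_EXTENSIONS) for m in encrypted):
        return "encrypted-zip-risky"
    return "encrypted-zip"


def build_sample(name: str, encrypted: bool) -> bytes:
    """Constructed sample: a one-member zip, optionally flagged as encrypted.

    The data is not really encrypted; only the flag bit is set, which is
    all the classifier looks at.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(name, b"constructed placeholder content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at offset 6 of the local header and 8 of the central one.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            (flags,) = struct.unpack_from("<H", raw, pos + off)
            struct.pack_into("<H", raw, pos + off, flags | 0x1)
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in (("report.txt", False), ("report.txt", True), ("Photo.SCR", True)):
        print(name, enc, classify_attachment(build_sample(name, enc)))
```

A mail filter would map the returned label to its own accept, quarantine or bounce action.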




