[Mimedefang] clamav

-ray ray at ops.selu.edu
Fri Jun 10 18:06:04 EDT 2005


ClamAV has missed a few zip viruses lately.  I believe variants of the Mytob 
virus.  Most of them when unzipped have the same format:

[root at norm tmp]# unzip accepted-password.zip
Archive:  accepted-password.zip
  extracting: accepted-password.txt                                                                      .exe

Notice lots and lots of spaces in the filename to fool users into thinking 
it's a .txt file.  Has anyone coded an MD rule to check for more than say 
10 consecutive spaces in a filename in a zip file?  Should be pretty 
simple, just haven't had time to look at it yet...

Also any suggestions for an anti-virus (commercial or not) to supplement 
ClamAV?

(PS I'm not trying to discredit clam, it's a great tool and we use it a 
lot.  I do submit the samples when I come across them.  Defense in layers 
is always better though...)

ray
-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean  				       	 http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist  	      AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
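
One way to implement the check asked about in this message, added here as an example and not code from the poster or the MIMEDefang project. It assumes the Archive::Zip module is installed; the sub names, the 11-space threshold and the extension list are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Archive::Zip qw(:ERROR_CODES);
use File::Temp qw(tempfile);

# Assumptions (not from the post): "more than 10" spaces means 11 or more,
# and this extension list is only illustrative.
my $PADDING = qr/ {11,}/;
my $BAD_EXT = qr/\.(?:exe|scr|pif|com|bat|cmd)\s*\z/i;

# Return the names that hide an executable extension behind a run of spaces.
sub padded_names {
    my (@names) = @_;
    return grep { $_ =~ $PADDING && $_ =~ $BAD_EXT } @names;
}

# Return an array ref of suspicious member names in the zip at $path,
# or undef when the archive cannot be read (the caller decides the policy).
sub padded_names_in_zip {
    my ($path) = @_;
    my $zip = Archive::Zip->new();
    return undef unless $zip->read($path) == AZ_OK;
    return [ padded_names($zip->memberNames()) ];
}

# Constructed sample: one name padded like the one in the post, one benign.
my ($fh, $tmp) = tempfile(SUFFIX => '.zip', UNLINK => 1);
close $fh;
my $sample = Archive::Zip->new();
$sample->addString('placeholder', 'accepted-password.txt' . (' ' x 70) . '.exe');
$sample->addString('placeholder', 'readme.txt');
$sample->writeToFileNamed($tmp) == AZ_OK or die "cannot write sample zip\n";

my $hits = padded_names_in_zip($tmp);
die "cannot read $tmp\n" unless defined $hits;
printf "suspicious member: [%s]\n", $_ for @$hits;
```

In a mimedefang-filter, the same sub could be called from filter() on a zip attachment's decoded file (for example the path from `$entity->bodyhandle->path`); that wiring is an assumption and is not shown here.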