Feature Request
Jan-Peter Koopmann
Jan-Peter.Koopmann at SECEIDOS.DE
Tue Nov 4 13:36:30 GMT 2003
Hi Julian,
I have a feature request. Not sure if and how this can be done but why
not dream about it... :-)
Some virusi obviously start using "wrong" zip files. CRC does not match
and similar things. Today I received some customer complaints that
readnow.zip came through. I analyzed the file a bit and it was only 128
bytes long. Windows XP unzip does not say anything, unzip says things
like
proxy:/tmp # unzip readnow.zip
Archive: readnow.zip
warning [readnow.zip]: 3 extra bytes at beginning or within zipfile
(attempting to process anyway)
file #1: bad zipfile offset (local header sig): 3
(attempting to re-compensate)
extracting: readnow.doc.scr
Moreover "wrong" ZIP files might not extract with unzip (and therefore
clamav etc. might not catch them) but Windows XP will unzip them without
complaints.
What if we test archives and consider them "Dangerous Contents" (or
similar) when they do not check out (CRC, unzip impossible etc.)?
Regards,
JP
More information about the MailScanner
mailing list