Blocking exe's, pif's, etc inside Zip file

Tristan Rhodes tristanr at CI.GRANDJCT.CO.US
Thu Feb 26 17:53:52 GMT 2004


Interesting idea.  Perhaps you can arbitrarily specify a depth that legitimate email should not go past (or make it configurable).  If the zip continues deeper, stop processing and mark it as suspicious (or whatever).  This way, a virus buried deep in a zip file will never make it through undetected.

How many end-users will dig into a zip many levels deep?  Now that I think about it, most people would keep clicking, curious about what is in the file.

Tristan Rhodes

>>> mailscanner at ECS.SOTON.AC.UK 02/26/04 10:03AM >>>
This is something I have started to look at. One of the problems is working
out how it can be attacked and how best to handle the attacks.

I would like to be able to check all the names in all the zip files that
might be contained within further zip files, which could all be in 1 zip
file attached to the message. If I check n levels down, someone will just
pack their files in n+1 levels to beat me. Making sure that cannot be
attacked is tricky.

At 16:56 26/02/2004, you wrote:
>I know this has been brought up in the last couple of weeks but I'm not
>sure what the general opinion is.  We had a virus slip in through with a
>zip file yesterday.  We block all the other dangerous extensions/file
>types.  I'm going to be forced to block zip files unless someone has a way
>to extract dangerous files inside zip files.
>
>Steve Evans
>SDSU Foundation
>

--
Julian Field
www.MailScanner.info 
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
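
The depth-limit approach discussed in this thread, as an added example (not MailScanner's code and not written by either poster): member names are checked at every layer, and an archive nested past the limit is flagged rather than passed, so packing at n+1 levels yields a "too-deep" verdict instead of a bypass. The blocklist, the limit values and all function names are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile
import zlib

BLOCKED_EXTS = (".exe", ".pif", ".scr", ".com", ".bat")  # assumed blocklist
MAX_DEPTH = 3                        # assumed limit on archive layers opened
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap on a nested archive's size

def scan_zip(data, max_depth=MAX_DEPTH, depth=1, path=""):
    """Return (verdict, member_path) findings; an empty list means clean.
    Whatever cannot be inspected is reported, never silently passed."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("unreadable", path or "<attachment>")]
    findings = []
    with zf:
        for info in zf.infolist():
            name = path + info.filename
            if info.is_dir():
                continue
            if info.filename.lower().endswith(BLOCKED_EXTS):
                findings.append(("blocked", name))
            elif info.flag_bits & 0x1:  # encrypted: content not inspectable
                findings.append(("unreadable", name))
            else:
                findings.extend(_scan_member(zf, info, name, max_depth, depth))
    return findings

def _scan_member(zf, info, name, max_depth, depth):
    try:
        with zf.open(info) as fh:
            is_zip = fh.read(4) == b"PK\x03\x04"  # detect by content, not name
        if not is_zip:
            return []
        if depth >= max_depth:  # deeper than policy allows: fail closed
            return [("too-deep", name)]
        if info.file_size > MAX_MEMBER_BYTES:
            return [("unreadable", name)]
        inner = zf.read(info)
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError, zlib.error):
        return [("unreadable", name)]
    return scan_zip(inner, max_depth, depth + 1, name + "/")

def nest(payload_name, layers):
    """Constructed sample: payload_name wrapped in `layers` zip layers."""
    data = b"constructed sample bytes, not a real program"
    names = [payload_name] + [f"level{i}.zip" for i in range(layers - 1)]
    for member in names:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, data)
        data = buf.getvalue()
    return data
```

A message would be quarantined on any non-empty result, so the depth limit bounds the scanning work without creating a depth at which content goes unchecked.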



