Blocking exe's, pif's, etc inside Zip file

MailScanner mailscanner at SMITS.CO.UK
Fri Feb 27 09:44:55 GMT 2004


FYI, Sybari Antigen handles this by blocking the message with an
'ExceedinglyNested' pseudo-virus warning. This is issued after it finds
more than five nested archive files:
http://www.sybari.com/support/faq_answer.asp?id=47&product=AE6

I can't see how anybody could have a legitimate reason to pack an
attached archive more than five levels.

Bart...

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Posted At: 26 February 2004 17:04
Posted To: MailScanner
Conversation: Blocking exe's, pif's, etc inside Zip file
Subject: Re: Blocking exe's, pif's, etc inside Zip file


This is something I have started to look at. One of the problems is
working out how it can be attacked and how best to handle the attacks.

I would like to be able to check all the names in all the zip files that
might be contained within further zip files, which could all be in 1 zip
file attached to the message. If I check n levels down, someone will
just pack their files in n+1 levels to beat me. Making sure that cannot
be attacked is tricky.

At 16:56 26/02/2004, you wrote:
>I know this has been brought up in the last couple of weeks but I'm not
>sure what the general opinion is. We had a virus slip in through with
>a zip file yesterday. We block all the other dangerous extensions/file
>types. I'm going to be forced to block zip files unless someone has a
>way to extract dangerous files inside zip files.
>
>Steve Evans
>SDSU Foundation
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
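
The depth-limit approach discussed in this thread, as an added example that is not part of the original posts and is not MailScanner or Antigen code: a recursive filename check that refuses the attachment once nesting exceeds a fixed level, so packing one level deeper results in a block rather than a bypass. The extension list, size cap and function names are assumptions made for illustration.

```python
import io
import zipfile

BLOCKED_EXT = (".exe", ".pif", ".scr", ".com", ".bat")  # assumed policy list
MAX_DEPTH = 5                  # archive levels opened before the message is refused
MAX_MEMBER = 10 * 1024 * 1024  # assumed per-member size cap (zip-bomb guard)

def scan_zip(data, depth=1):
    """Return reasons to block the attachment; an empty list means none found."""
    if depth > MAX_DEPTH:
        # Fail closed: an archive too deep to inspect is itself the finding.
        return ["ExceedinglyNested: more than %d archive levels" % MAX_DEPTH]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable archive at level %d" % depth]
    reasons = []
    with zf:
        for info in zf.infolist():
            where = "%r at level %d" % (info.filename, depth)
            if info.is_dir():
                continue
            if info.filename.lower().endswith(BLOCKED_EXT):
                reasons.append("blocked name " + where)
            elif info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                # Encrypted or oversized members cannot be checked: refuse them.
                reasons.append("uninspectable member " + where)
            else:
                try:
                    body = zf.read(info)
                except Exception:  # corrupt or unsupported member: refuse, don't skip
                    reasons.append("uninspectable member " + where)
                    continue
                # Detect inner archives by content, not by a ".zip" name.
                if zipfile.is_zipfile(io.BytesIO(body)):
                    reasons.extend(scan_zip(body, depth + 1))
    return reasons

def make_nested(levels, inner_name):
    """Constructed sample input: inner_name wrapped in `levels` zip layers."""
    payload, name = b"constructed sample bytes", inner_name
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, payload)
        payload, name = buf.getvalue(), "layer%d.dat" % i
    return payload
```
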



