HEADS UP - viruses in password protected zip files

[Kevin Spicer]

On Mon, 2004-03-01 at 23:11, Richard Lynch wrote:
> Kevin,  Did you find a way to block only password protected zips?
No, I got as far as trying to persuade Julian that this would be a good
feature to add to the zip file recursion code in the latest beta.

I'm blocking all zips for now too.

I don't think theres any 'security' implications in discussing McAfees
workaround [maybe you looked security up in a Microsoft dictionary).
Its a common sense approach, but doubtless one that will be defeated by
future viruses

> We've
> seen a couple of hundred Bagle.F and Bagle.H incidents today.  An update
> from Mcafee started catching Bagle.F but not Bagle.H yet.  For now I'm
> blocking all zips.  I'd like to just block the password protected ones
> but haven't figured out a way to do it.  I suspect Mcafee uses a
> simplistic approach to detecting this.  I won't go into why I think this
> for security reasons.  I do think were rapidly heading towards
> permanently restricted password protected zips.  If the content of any
> type of file can't be validated then we'll have to restricted it.  So,
> any idea how to do this?
>
> --
> Richard E. Lynch <rich at mail.wvnet.edu>
> Systems Programming Manager
> West Virginia Network (WVNET)
> 837 Chestnut Ridge Road
> Morgantown, WV  26505
> (304) 293-5192 x243





BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.